Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Performance issues VPN-1 <> Netscreen

To: [email protected]
Subject: [FW-1] Performance issues VPN-1 <> Netscreen
From: Nico De Ranter <[email protected]>
Date: Mon, 28 Jul 2003 10:37:29 +0200
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-agent: Mutt/1.2.5.1i

Hi,

I'm setting up a VPN between a Checkpoint VPN-1 NG.FP3
firewall running on a Sun V120 and a Netscreen 25 running
ScreenOS 4.0.2. The encryption used is 3DES (since that seems
to be the only common encryption scheme).  The firewalls
are currently connected directly via a 100Mbps switch (for testing).

When I try to copy a large file from a client behind the Checkpoint
to a client behind the Netscreen a get at most 2Mbps. When I copy
the same file in the other direction I get at most 4Mbps. Since the
firewalls will be connected through a 100Mbps WAN connection this sounds
like a very big waste.

Unfortunately I couldn't figure out where the bottleneck is.
The CPU load on the Sun firewall goes up to 40% (that's rather
high but shouldn't be a problem). The Netscreen reports up to 15%
CPU load (dedicated hardware has its advantages).  The network segment
in the middle is hardly loaded (tried different types of switches and
hubs, doesn't make a difference).  The clients are not loaded either
(copying something over the local network goes a lot faster).

Any idea whether there is some setting on the Checkpoint or Netscreen
that could limit the bandwidth a VPN can take?

Nico

---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Performance issues VPN-1 <> Netscreen
  - From: "[email protected]" <[email protected]>

Prev by Date: [FW-1] Remote Access Error
Next by Date: [FW-1] TCP connection timeout
Previous by thread: Re: [FW-1] Remote Access Error
Next by thread: Re: [FW-1] Performance issues VPN-1 <> Netscreen
Index(es):
- Date
- Thread