|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Performance issues VPN-1 <> Netscreen
Actually, the latest ScreenOS release is 4.0.3r3. Did you check the NetScreen QoS functions?. The bandwidth defined on the interfaces is significative here. L. On Mon, 2003-07-28 at 05:51, [email protected] wrote: > > When I try to copy a large file from a client behind the Checkpoint > > to a client behind the Netscreen a get at most 2Mbps. When I copy > > the same file in the other direction I get at most 4Mbps. Since the > > firewalls will be connected through a 100Mbps WAN connection this sounds > > like a very big waste. > > > > Unfortunately I couldn't figure out where the bottleneck is. > > The CPU load on the Sun firewall goes up to 40% (that's rather > > high but shouldn't be a problem). The Netscreen reports up to 15% > > CPU load (dedicated hardware has its advantages). The network segment > > in the middle is hardly loaded (tried different types of switches and > > hubs, doesn't make a difference). The clients are not loaded either > > (copying something over the local network goes a lot faster). > > Nico, > the nescreen firewall used ASIC based technology - the hole encrytion is done > in the ASIC ... it doesnt make sense to check the cpu of the netscreen while > copying files via vpn link. > > the latest build of netscreen os is 4.0.0r10 - i suggest to use this release > because of a lot of addressed issues in 4.0.0r2. > > btw > > 1) use iperf, ttcp or large ftp file to test performance > 2) try increasing the window size on src or dst > 3) try setting "set flow path-mtu" on ns or better set flow > tcp-mss 1300 to help eliminate occurrences of frag'ed IPSec packets > 4) check netstat -s if there are any restransmits increasing (on dst and src) > 5) nat-t will decrease your performance > > bye > ad > > > > > > Any idea whether there is some setting on the Checkpoint or Netscreen > > that could limit the bandwidth a VPN can take? > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
