Performance Boosts

I learned this at CPX.

So you have 1 gateway that is a total dog and you are looking at GAIA and that sleek 64-bit kernel handling 50 gajillion magawatts of power.  Drool Drool Drool.

But now you have to upgrade. Oh geez, now I have to upgrade my management. Oh geez, new OS, so now I have to train people. UGH!!!! And then it blows up on the launch pad. Oh Oh.

Here are some tips from the backroom.

1) Look at your high performance, INSPECT intensive traffic: HTTP? H323?: Well everytime that packet hits a “ANY” service the kernel goes through the WHOLE list of INSPECT services to see if it should INSPECT it to death. This takes time, memory, etc.

Instead create a special rule for that service AND on the “advanced service” tab, remove it from the “Remove from Any” rule.

Whaaala: Our client went from 1G/sec throughput to 9.5G/sec throughput

2) NOTE: Global-Properties->Statefull Inspection->Timeouts: Crank these down to create more space in the connection table. Note that the specific SERVICE timeouts override the Global Properties ones.

Whaaaalaaa: You can put off GAIA a couple more days.

dreez

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: