I have performed a benchmark of times for policies installation comparing R77.30 through dbedit, R80.10 through mgmt_cli and R80.10 through web services. I will appreciate any suggestion to reduce the R80.10 API times and corrections about the tests.
Testing has been performed with a server virtual machine and a different gateway virtual machine. Both of them are deployed in my local network, so network latency is minimum. The table below shows the devices settings:
Device | Memory | Processors | Hard disk |
---|
Check Point R77.30 (server) | 1 GB | 1 | 21 GB |
Check Point R77.30 (gateway) | 1 GB | 1 | 21 GB |
Check Point R80.10 (server) | 6 GB | 2 | 60 GB |
Check Point R80.10 (gateway) | 4 GB | 2 | 15 GB |
The benchmark consists of 254 host_plains, 254 network_object_groups, 254 tcp_services, 254 service_groups and 254 security_rules.
The table below shows the final results:
Method | Time (hh:mm:ss) |
---|
Check Point R77.30 (dbedit) | 00:03:46 |
Check Point R80.10 (mgmt_cli) | 00:31:20 |
Check Point R80.10 (web services) | 01:07:50 |
The command below shows an example of the mgmt_cli schema used:
mgmt_cli add host -b hosts.csv --root true
The request below shows an example of the requests sent through Postman to the web services:
Method:
POST
URL:
{{server}}/add-host
Headers:
Content-Type:application/json
X-chkp-sid:{{session}}
Body:
{
"name": "h1.1.1.1",
"color": "orange",
"comments": "1.1.1.1",
"ip-address": "1.1.1.1"
}