
CloudGuard for AWS Performance Optimization

Dear all

I've just watched "Security Gateway Performance Optimization with Tim Hall Video" and checked our VPN Cluster on premise that connects to our AWS Transit VPC CloudGuard gateways.

While our active on prem cluster member shows a nice result:

fwaccel stats -s
Accelerated conns/Total conns : 899/980 (91%)
Accelerated pkts/Total pkts   : 8083891/9502493 (85%)
F2Fed pkts/Total pkts   : 1418602/9502493 (14%)
PXL pkts/Total pkts   : 0/9502493 (0%)

it looks very different on our CloudGuard gateways:

fwaccel stats -s
Accelerated conns/Total conns : 0/242 (0%)
Accelerated pkts/Total pkts   : 0/104845 (0%)
F2Fed pkts/Total pkts   : 81177/104845 (77%)
PXL pkts/Total pkts   : 23668/104845 (22%)

or

Accelerated conns/Total conns : 0/43 (0%)
Accelerated pkts/Total pkts   : 0/78349 (0%)
F2Fed pkts/Total pkts   : 77560/78349 (98%)
PXL pkts/Total pkts   : 789/78349 (1%)

On both CloudGuard gateways SecureXL is up:

fwaccel stat    
Accelerator Status : on
Accept Templates   : enabled
Drop Templates     : disabled
NAT Templates      : disabled by user
NMR Templates      : enabled
NMT Templates      : enabled

My question:

Is this a typical/normal behavior for virtual gateways in the cloud?

Best regards and thank you in advance for the feedback.

Cyrill

Accepted Solutions
Admin

Re: CloudGuard for AWS Performance Optimization

The same optimization rules apply for CloudGuard IaaS as well. 

You might see if any of the following apply: SecureXL Mechanism 

Re: CloudGuard for AWS Performance Optimization

Dear Dameon

Thanks for your reply.
After having read your linked SK, I assume my findings relate to VPN traffic and that not much traffic that could be accelerated is generated yet. Most of the rules relate to AWS Datacenter Objects (tags) anyway.
In our on prem R77.30 environment we started to move all rules using NSX Datacenter Objects to the end of the ruleset.

Wish us luck as we are migrating 38 vSec services and four dual clusters to 80.10...

Best regards

Cyrill

Admin

Re: CloudGuard for AWS Performance Optimization

The datacenter objects should accelerate with SecureXL.

However, if you're running R77.30, it's possible the real issue is lack of multi-core VPN support: New Feature in R80.10: Multicore VPN Support with Software Blades

Re: CloudGuard for AWS Performance Optimization

Hi Dameon

Thanks for the input, but we're running on

Product version Check Point Gaia R80.10
OS build 26
OS kernel version 2.6.18-92cpx86_64
OS edition 64-bit

By the way: 38 CloudGuard instances, 8 HW gateways and 2 SMS successfully migrated to R80.10 over the weekend...