This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mian
Participant
‎2020-01-05 05:38 PM

Definition of Throughput ?

The Appliance Comparison chart (https://www.checkpoint.com/downloads/products/check-point-appliance-comparison-chart.pdf) mentions "Throughput" under Enterprise and Ideal conditions.  What does "Throughput" mean here ? 

 

1) Does it mean that that this is the maximum amount of traffic the device can handle without CPU hitting 100% or without device dropping any traffic ? 

2) How do I use this "Throughput" number to find an appropriate sized Checkpoint firewall ? For example if I have a hypothetical firewall with 4 interfaces with following 5 minutes statistics: 


INT1 = Transmitted 500M bps, Received 1500M bps

INT2 = Transmitted 2000M bps, Received 500M bps

INT3 = Transmitted 1000M bps, Received 600M bps

INT4 = Transmitted 500M bps, Received  1400M bps

 

In the above the sum of Transmitted from all interfaces is 4000Mbps and sum of Received on all interfaces is also 4000Mbps. What is the "Throughput" here ? Which one of the below is true ?

 

a) Higher value of EITHER sum of Transmitted from all interfaces  OR sum of Received from all interfaces   ? In actual device these numbers could be slightly different ?  i.e. 4000 Mbps.

b) Grand total of sum of Transmitted from all interfaces AND sum of Received from all interfaces ? i.e. 8000 Mbps. If this is the case then aren't we double counting ?

 

I will be taking the Threat Prevention (Gbps) from the comparison chart to size a firewall since this number is the lowest compared to other numbers. I assume that this Gbps has no relation with CPU utilization

 

Is there any document or link on Checkpoint website that covers "Throughput" and Sizing in the above context ? 

 

Thanks

KM

 

0 Kudos
6 Replies
_Val_
Admin
Admin
‎2020-01-06 01:34 AM

Throughput is the total amount of traffic crossing your security GW through all interfaces. Not all received will be forwarded, as some of the traffic will be dropped.

0 Kudos
Mian
Participant
‎2020-01-06 12:24 PM
In response to _Val_

Thanks for your reply. 

How CPU utilization is related to Throughput ? I assume that there will be higher CPU utilization as the Throughput reaches closer to to the MAX number specified in the Appliance  comparison chart.  What role CPU utilization plays in the sizing or ordering of a new CP FW ? 

Let's say I have a hypothetical end customer who is running CP on Open Server and his CPU utilization is around 80% and his current throughput is 50% below than suggested new CP physical appliance X Threat Prevention (Gbps).  Should I be considering one model up from CP physical appliance X just because he is hitting 80% CPU utilization ?  

Do we have CPU utilization on the FW side as well as on physical server side ? What role each CPU utilization plays here ? 

Thanks

Mian

 

 

PhoneBoy
Admin
Admin
‎2020-01-06 01:57 PM
In response to Mian

Other things can potentially impact CPU and throughput either independently or together, but high CPU will definitely throttle potential throughput.
Likewise, your CPU usage will increase as throughput does.
While you can size based on current throughput requirements, that may not give you enough headroom down the road if either the throughput needs increase or the amount of inspection does.
0 Kudos
_Val_
Admin
Admin
‎2020-01-06 11:51 PM
In response to Mian

One's security GW CPUs can play different roles: NIC interrupts, acceleration, traffic filtering, deeper inspection, etc. There are literally thick books written about it.

 

If you goal is to size a new security appliance to replace an existing gateway, the best and most practical approach is to run CPSizeme tool and then provide the collected data to your local Check Point partner or SE, for a proper sizing exercise 

0 Kudos
Timothy_Hall
Champion
Champion
‎2020-01-07 04:57 AM
In response to Mian

As Val said this is a rather complicated question and sometimes performance tuning feels more like art than science, since even if you find and mitigate one bottleneck (say CPU utilization) performance increases to a point and then you hit some other bottleneck (interface buffering drops or something).  Let's just say there will be a lots of reading available soon on this very topic...

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
_Val_
Admin
Admin
‎2020-01-07 05:22 AM
In response to Timothy_Hall

Yes, that particular book 🙂

0 Kudos
Labels