William_Pochick
Explorer

I have a Check Point model L-50 (serial number - 1310436119900) and I just need to know the throughput the series 1100 can handle?

The firewall is located in NYC, I would like to upgrade my service to 400/20.  I just have to make sure the firewall can handle the traffic.

thanks - Bill


Accepted Solutions
Rodney_Hopkins2
Contributor

The Datasheet says:

[Image: 1100 Appliance Datasheet excerpt throughput numbers]

As you can see above, production traffic estimates for firewall only throughput top out at 350Mbps.  Firewall + IPS and you drop to 30Mbps.

In my experience the 1100 series is getting pretty long in the tooth (and was never really a high performer) and you should strongly consider moving to something with more horsepower, particularly if you are doing more than just firewall, and given the threat landscape nowadays, you should be doing way more than just firewall.

6 Replies
Vladimir
Champion

You can see the rated performance of 1100 appliances here:

https://www.corporatearmor.com/documents/1100-appliance-datasheet.pdf 

Mark_Mitchell
Advisor

I would be mindful of your configuration, as this will affect performance (i.e., what blades you have configured, size of rulebase, number of NATs, etc.). If things like IPS are enabled, then you will need to consider the Threat Prevention throughput rather than just the firewall throughput.

Regards

Mark

William_Pochick
Explorer

Rodney,

Quick question: what would you consider a step up to more horse? Is there a model you like that could perform better than the L-50 series 1100?

Rodney_Hopkins2
Contributor

I considered adding some suggested models to my original reply to your question, but I didn't because I don't have much information to go on.

The answer is, it depends.  It depends on the number of users behind the firewall.  It depends on what software blades (how much security) you're planning to enable.  It depends on your needs/desires.  Do you really want/need to be able to max out your 400Mbps Internet pipe?  Are you hosting any services behind your firewall such as email, web servers, etc.?  Are you using VPN?  Site-to-site or remote access?  Is site/location critical, or critical enough that you need failover/redundancy?  If so you need to consider a cluster of firewalls.  This will pretty much double the cost of any firewall you might put in place.  Do you have other Check Point firewalls or is this your only one?  Do you have an existing Check Point management server in place?  If not, are you willing to bear the cost of putting one in place?  All these things factor into a sizing/appliance decision.

If I had a Check Point management server already, I would probably look at the 3200.  It can do up to 385Mbps of NGTP throughput.  Not quite maxing your 400Mbps circuit, but close enough in my book.  If you really want to ensure you can cover that 400Mbps circuit with NGTP protection, then you've got to go with a 5100 at minimum.  Appliances 3100 and larger require a Check Point management appliance.  They can run in standalone mode, where management and firewall run on the same box, but in my experience virtually no one is ever happy with this configuration.

If I did not have an existing Check Point management server and needed something with a similar locally managed interface to the existing 1100 series, I'd look at the 1490 or 790.  With these, however, you are only going to get around 220Mbps or 330Mbps (respectively) of NGTP throughput, so about half to three quarters of what the upgraded circuit could handle.

I'd probably also look at the 910 and its 350Mbps of NGTP throughput.

All of the above would be on my short list of appliances to look at given the single requirement that you want to upgrade to 400Mbps circuit.  However, based on the answers to the above questions, my recommendations might change.

Timothy_Hall
Champion

Here is a table I used to compare the different Embedded Gaia appliances in the context of IPS performance optimization.  Also note that the 1100 series appliances are no longer supported in version R77.20.81 and later:

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com