Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Collaborator

R80.10 gateway cpu requirements

I am going to upgrade my gateway from R77.20 to R80.10. I am only running the FW blade.

Is R80.10 more demanding in terms of CPU on the gateways? How much demanding could I expect?

0 Kudos
5 Replies
Highlighted
Champion
Champion

Assuming the gateway appliance appears on this list as supporting R80.10 on the "Appliances Support" tab:

Support Life Cycle Policy | Check Point Software 

You should be fine with R80.10 gateway, especially with just the firewall blade enabled.  As always, installing the latest GA Jumbo HFA is recommended.  I like to wait until the GA Jumbo HFA has been continuously available for at least 2 weeks prior to installing it, but that's just my personal preference.

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Highlighted
Collaborator

It is an open server. By the way, how do you take the  hardware compatibility list? https://www.checkpoint.com/support-services/hcl/ 

There is only a column for R80 and there are only a few notes about R80.10. My guess is that if it is supported by R80, it will be supported by R80.10 too.

I have two cores of 2.6 Ghz. The usage is usually less than 20% and there are occasional peaks to 70% caused by individual flows.

I guess that with R80.10 these individual flow will be spread between the cores, right?

0 Kudos
Highlighted
Champion
Champion

As long as your open server is just a firewall (i.e. distributed - the SMS is separate), 4GB RAM should be OK with so few blades enabled, 8GB preferred.  If it is standalone (i.e. self-managed) I'd strongly recommend at least 16GB of RAM, however management operations will be very very slow with only two cores and some advanced management features will not be available.  I can pretty much guarantee you will not be happy with the performance of the management tools like SmartConsole in that case, even though you are technically meeting the minimum hardware requirements for R80.10.

As long as the HCL says R80 is supported, R80.10+ should be too.

The Dynamic Dispatcher will be enabled by default in R80.10 so the heavy traffic flows should get spread out fairly well.

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Highlighted
Admin
Admin

The official performance numbers for a given appliance running R77.x and R80.10 are basically the same.

That said, additional features now qualify for SecureXL acceleration (Domain, Time, Dynamic Objects).

Also, inline policies can be leveraged to do further policy optimization.

So it's possible, with some work, R80.10 will perform better in your specific situation than R77.x. 

Highlighted
Collaborator

Thanks.

According to minimum requirements section for an open server at  the R77 and R80 release notes, I have made the assumption that I would need at least twice CPU in R80. But anyway, good to know that shouldn't be necessary the case.

Thanks.

0 Kudos