This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhoneBoy
Admin
Admin
‎2023-09-06 04:22 PM

How Many Rules Supported? How Many Objects Supported?

We now have sk178325 that details the various limits related to the maximum number of:

  • Rules supported (per policy)
  • Objects supported (includes Multi-Domain specifics)
  • Objects per group
  • Changes per Publish operation
  • Interfaces per gateway (above and beyond the limits specified in sk31631)

Actual limits you experience will depend on a number of factors, as noted in the SK. 

Labels
9 Replies
the_rock
Legend
Legend
‎2023-09-06 04:35 PM

I recall even 15 years ago, number 10000 was always floating around : - )

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-06 04:54 PM
In response to the_rock

That number may have been valid in R7x and earlier for the number of rules.
In practice, if you've got a policy of several thousand rules, it's going to be hard to manage regardless of potential performance issues that result from using a large number of objects/rules.

0 Kudos
the_rock
Legend
Legend
‎2023-09-06 04:57 PM
In response to PhoneBoy

Honestly, I cant think of any company on this planet that would even need 1000 rules, though I recall once seeing someone with 5000 + rules, probably 3000 of them disabled LOL

When I asked the guy the reason, he just told me they were scared to clean it up, JUST IN CASE...some people : - )

Andy

0 Kudos
S_E_
Advisor
‎2023-09-13 10:27 PM
In response to the_rock

hi,

there are companies who do have this request:

https://community.checkpoint.com/t5/Management/Maximum-number-of-rules-in-R80-40-and-above/m-p/13826...

But it is great that CheckPoint creates an official document with numbers/limitations. 

Regards

 

0 Kudos
S_E_
Advisor
‎2024-02-26 05:38 AM

hi,

b.t.w. is there also a SK for gateways ?

Limitations for BGP, routing table / max connections...

Appliance Sizing Tool (AST) /CPSizeMe is not really helpful in our cases.

Thanks/bye

0 Kudos
the_rock
Legend
Legend
‎2024-02-26 05:41 AM
In response to S_E_

I had personally never seen one.

Best,

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-02-26 06:18 AM
In response to S_E_

Max concurrent connections is reported on the appliance datasheets

Note it's otherwise a function of memory population and enabled blades.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2024-02-26 06:22 AM
In response to S_E_

Make sure below is enabled, as it lets firewall calculate the connections based on the resourses available.

Andy

 

Screenshot_1.png

0 Kudos
S_E_
Advisor
‎2024-02-26 06:28 AM
In response to the_rock

hi yes, thanks. Just cross-checked and auto optimization seems to be default.

Data sheet mentioned 8M (for the lab but not real data) which is far beyond 400K connections.

Thanks

 

 
 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events