This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Muazzam_Saeed
Participant
‎2017-10-11 07:48 AM

Installing R80.10 on a 2200

Can you have a total of 8GB memory in a 2200 appliance?

Can you install R80.10 on this appliance?

8 Replies
PhoneBoy
Admin
Admin
‎2017-10-11 09:54 AM

Even if you could put 8GB of RAM in a 2200 (which, as far as I know, you can't), I wouldn't recommend running a 2200 standalone (with management on same appliance).

You can run R80.10 on a 2200 as an externally managed gateway, however.

This is documented in the R80.10 release notes. 

Danny
Champion Champion
Champion
‎2017-10-11 01:18 PM
In response to PhoneBoy

I've seen R80.10 installed as standalone setup on a 3200 appliance, which has 8GB of RAM and is the successor to the 2200 appliance. It was significantly slowing down the overall appliance performance, just by having the firewall and VPN blade activated, so that I wouldn't recommend standalone setups on any entry level enterprise appliances.

Markusevc
Employee
Employee
‎2017-10-11 01:24 PM
In response to PhoneBoy

The R80.10 software has restrictions programed not allowing you to install the management component on a 2200 GW.

Security Solutions Expert for Global Strategic Partners GSI/MSP/Telco & Consultancy Firms
Hugo_vd_Kooij
Advisor
‎2017-10-20 12:50 AM

I would not recommend to put gateway and management on the same machine. Not in ANY environment.

I did do this in my lab sometimes in the past. But with R80 upwards I always use a seperate management system.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Mahendra_Neopan
Explorer
‎2018-09-13 04:21 PM

On R80.10 version, You can't check Security Management options on 2200 appliance during First Time Configuration wizard. The only option left is Security Gateway. So, Checkpoint appliance 2200 model doesn't support Security Management component for Gaia R80.10 version. 

However in R77.30 version, you have all three options

-- Make it only Security Gateway

-- Make it only Security Management

-- Or, Make it both (Standalone)

But, if you moved to little bit higher model viz. Checkpoint 3200 model. It gives you all three options. 

Thanks 

0 Kudos
Mike_Swaminatha
Employee Alumnus
Employee Alumnus
‎2018-12-28 01:56 AM

Hi Team,

 

If we upgrade 2200 Appliance to R80.10 as only Gateway then how much memory will be utilize by system. does anyone has stats after R80.10 upgrade. One of my customer is using 2200 want to install R80.10 but not sure how much memory will be utilize. pls suggest.

 

Current stats: -

 

[Expert@FW1:0]# fw tab -t connections -s

HOST                  NAME                                ID #VALS #PEAK #SLINKS

localhost             connections                       8158  4372 10423   13090

 

 

[Expert@FW1:0]# free -m

             total       used       free     shared    buffers     cached

Mem:          3973       3826        147          0        280       2517

-/+ buffers/cache:       1028       2944

Swap:        10268          0      10267

 

 

[Expert@FW1:0]# fw ctl pstat

 

System Capacity Summary:

  Memory used: 11% (189 MB out of 1587 MB) - below watermark

  Concurrent Connections: 17% (4388 out of 24900) - below watermark

  Aggressive Aging is not active

 

regards

Mikee

0 Kudos
Aidan_Luby
Collaborator
‎2019-01-07 08:53 AM
In response to Mike_Swaminatha

Hey Mike,

I completed this upgrade last year and ran the commands above on our gateway as well as top, the performance has been much better and we never max out memory or CPU now. Stability has also been much improved. The only request I'd have of CheckPoint is to come up with a reasonable process for taking standalone 2200's and merging the SMS database into a pre-existing SMS thereby allowing the 2200 to run as an R80.10 gateway. When I did the upgrade I had to manually create the firewalls database on our Management server myself and it took a lot of hours. Anything else you'd like to see/know?

[Expert@FW1:0]# fw tab -t connections -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost connections 8158 1028 7628 4034
[Expert@FW1:0]# free -m
total used free shared buffers cached
Mem: 3973 3449 524 0 196 972
-/+ buffers/cache: 2280 1693
Swap: 10268 0 10268
[Expert@FW1:0]# fw ctl pstat

System Capacity Summary:
Memory used: 30% (470 MB out of 1534 MB) - below watermark
Concurrent Connections: 1123 (Unlimited)
Aggressive Aging is enabled, not active

Hash kernel memory (hmem) statistics:
Total memory allocated: 448790528 bytes in 109568 (4096 bytes) blocks using 196 pools
Initial memory allocated: 159383552 bytes (Hash memory extended by 289406976 bytes)
Memory allocation limit: 804257792 bytes using 512 pools
Total memory bytes used: 0 unused: 448790528 (100.00%) peak: 587142708
Total memory blocks used: 0 unused: 109568 (100%) peak: 145192
Allocations: 3765085848 alloc, 0 failed alloc, 3762303145 free

System kernel memory (smem) statistics:
Total memory bytes used: 626696880 peak: 733426184
Total memory bytes wasted: 27397221
Blocking memory bytes used: 4086060 peak: 19018372
Non-Blocking memory bytes used: 622610820 peak: 714407812
Allocations: 46051277 alloc, 109 failed alloc, 46047657 free, 0 failed free
vmalloc bytes used: 30869176 expensive: yes

Kernel memory (kmem) statistics:
Total memory bytes used: 359917460 peak: 752023468
Allocations: 3811076710 alloc, 0 failed alloc
3808291599 free, 0 failed free
External Allocations: 448656 for packets, 44725397 for SXL

Cookies:
1174976262 total, 0 alloc, 0 free,
17304355 dup, 1920615493 get, 437903700 put,
2122389471 len, 220468 cached len, 0 chain alloc,
0 chain free

Connections:
66999510 total, 38090191 TCP, 28216368 UDP, 692951 ICMP,
0 other, 0 anticipated, 38647 recovered, 1123 concurrent,
8012 peak concurrent

Fragments:
343363 fragments, 48433 packets, 1609 expired, 0 short,
0 large, 9 duplicates, 0 failures

NAT:
139471349/0 forw, 70947150/0 bckw, 202473015 tcpudp,
2239881 icmp, 56256377-56001125 alloc

Sync: off

[Expert@FW1:0]# top
top - 11:51:16 up 187 days, 15:30, 1 user, load average: 0.58, 0.94, 0.63
Tasks: 139 total, 2 running, 137 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.7%us, 0.7%sy, 0.0%ni, 92.5%id, 0.0%wa, 0.2%hi, 6.0%si, 0.0%st
Mem: 4068948k total, 3074932k used, 994016k free, 201120k buffers
Swap: 10514532k total, 76k used, 10514456k free, 842892k cached

0 Kudos
Mike_Swaminatha
Employee Alumnus
Employee Alumnus
‎2019-01-07 10:27 PM
In response to Aidan_Luby

Thank Aidan.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top