Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ruan_Kotze
Advisor

Virtual Edition - low throughput

Good day,

I've got an issue which I've been banging my head on, without much success.  I'm running a PoC of a Checkpoint appliance on vSphere 6.5. 

VM specifications:

- R80.10 GA Take 121

- 8 vCPU's

- CoreXL is enabled with 6 instances

- 8 GB RAM

- Checkpoint VM has 2 x VMXNet3 NICs

- Physical Host has 2 x 10Gb NICs, Configured as Active / Standby inside vSphere

- Tested with 15 day trial license as well as actual license

- Only the firewall blade is enabled (no IPS, AV etc.)

- Appliance deployed with the ISO - busy downloading the "R80.10 vSEC Virtual Edition (VE) Gateway in Network Mode" OVF to also test with.

The issue I have is that all traffic across and to the firewall seems to be capped at 100Mb/s.  Testing across the firewall is done with Iperf and I tested traffic to the firewall uploading a file using SCP.   Using CPView I can see that during athroughput testing load & interrupts are split fairly equally across the cores, and no single core is close to being maxed out.  CPView also does not report any Interface incoming drops or Instance high CPU issues.

I've spun up many virtual lab / testing environments without issue, so my first thought was that this was a physical host / vSphere issue, in order to eliminate that I spun up two Windows boxes on the same physical host as my CP appliance, connected to the same vSwitches and tested transfers with those.  Throughput is as expected, with the VM's able to pretty much saturate the 10GB links.

At this point in time I feel like I'm missing something very simple, but for the life of me I can't figure it out.  Any and all advice is very much appreciated.

3 Replies
Jerry
Mentor
Mentor

nice one Smiley Happy

my 1st though - I doubt there would be a cap to 100MBs on the vSEC.

are you sure you've  made the VM from the  right ISO though?

Also, i don't think you're "capped" if your VM has mentioned resources on board.

there must be something else mate ... think about it and let mek now pls. from which ISO file you've  made  that FW precisely.

--jerry--

Jerry
0 Kudos
_Val_
Admin
Admin

Check what interface mode is set on both vSEC VM and adjacent vswitch. Same for the client and server used for testing. One of three is working 100Mbps 

Vladimir
Champion
Champion

Please verify what version of Linux the VM was created as before installation of GAIA.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events