Create a Post
Showing results for 
Search instead for 
Did you mean: 

VPN Capacity Optimization - cpstat -f all vpn

Hi folks,

I am new to checkpoint VPN solution and would like to understand the VPN Capacity Optimization for a 4600 GW appliance running Remote Access VPN. The output of cpstat -f all vpn showed below, how do I drive the maximum concurrent users that have connected to the GW?

IKE current SAs:                              2075

IKE current SAs initiated by me:              0

IKE current SAs initiated by peer:            2075

IKE max concurrent SAs:                       2254

IKE max concurrent SAs initiated by me:       0

IKE max concurrent SAs initiated by peer:     2254

IKE total SAs:                                63454

IKE total SAs initiated by me:                0

IKE total SAs initiated by peer:              63454

IKE total SA attempts:                        98080

IKE total SA attempts initiated by me:        73612

IKE total SA attempts initiated by peer:      24468

IKE current ongoing SA negotiations:          4

IKE max concurrent SA negotiations:           35

IKE no response from peer (initiator errors): 8317

IKE total failures (initiator errors):        151288

IKE total failures (responder errors):        10302

IKE total failures (initiator + responder):   169907

IPsec current Inbound SAs:                    2138

IPsec current Outbound SAs:                   1962

IPsec max concurrent Inbound SAs:             2388

IPsec max concurrent Outbound SAs:            2158

IPsec total Inbound SAs:                      221703

IPsec total Outbound SAs:                     376261

IPsec number of VPN-1 peers:                  2351

IPsec maximum number of VPN-1 peers:          2536

IPsec number of VPN-1 RA peers:               2351

IPsec maximum number of VPN-1 RA peers:       2567

Also if there is no performance impact on the gateway can the device support 2200 + concurrent users? The customer wants to set the right value for Maximum concurrent tunnels for this box (running NGTP).



0 Kudos
1 Reply

0 Kudos