Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HristoGrigorov

SMB w/h many remote access users

Guys, shall I expect any problems on a 1470 appliance with around 70 concurrent remote access users ?

Due to that Coronavirus outbreak people from my company are likely to start working remotely next week and I want to know in advance if I am going to have issues with that 😀

Not asking if it is going to be slow or fast but if there will be instability issues? I am on latest JHF.

15 Replies
John_Fleming
Advisor

hmm..i've never gone higher then 5 or 6 active users on mine. I've moved to a 1550.

 

[Expert@remotespike]# egrep -i aes /proc/cpuinfo
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
[Expert@remotespike]#

0 Kudos
John_Fleming
Advisor

Just a thought.. spin up a VM, 30 day license point them there worst case. Service base nat to get access to it in case you only have 1 IP.

Who doesn't have a xeon monster laying around no longer eating electricity?

 

Father! The sleeper has awoken!

 

.. ok completely wrong ref but it sounds cool.

HristoGrigorov

Yeah, I must say I am tempted 🙂 But let's see what will happen next week when there will be many monkeys on the tree...

0 Kudos
Shlomi_Feldman
Employee Alumnus
Employee Alumnus

I feel 70 users is a bit too much for 1400 machine

from there other hand, if you don't have something else to put over there, I guess you will need to give it a try.

please update, I am sure this would be a very common challenge for most of us in the near future 

HristoGrigorov

Hmm, stupid me. I have a cluster of 2x1470 appliances and I can do DNS load-balancing with round-robin algorithm to distribute users to both of them. Need to test it more thoroughly but seems to work fine so far...

I will let you know more on Monday. Today Bulgaria declared state of emergency and our employees are going to work from home. 😔

0 Kudos
John_Fleming
Advisor

I'm not sure extra cores would help with vpn traffic... but.. on the off chance it does.. maybe checkpoint could unlock the other 2 cores? My 1430 seems to be a 4 core arm with 2 cores disabled at the kernel level.

0 Kudos
HristoGrigorov

My plain miserably failed because after some investigation it seems like standby node is routing remote access users to active one.

Btw, 1470 has 3 or 4 cores unlocked but it is not possible to unlock the 4th one at all.

I wish my 3600 appliance was here already. It comes with 5 users license but I hope CheckPoint will come up with some CPSB-SSLVPN-COVID19 license that will temporarily remove this limit 😁

Anyway, I will see what happens on Monday. Have some ideas... Worst case I may disable HTTPS Inspection. Ohhh, desperate times - desperate measures 😉

0 Kudos
John_Fleming
Advisor

This is super off topic, but how about a pic from Bulgaria? I never been close. It would be cool to see from a local rep. 😄

0 Kudos
HristoGrigorov

One pic is difficult to express entire country but here is a short YT video I like:

https://www.youtube.com/watch?v=N1-Jmq7BLFE

0 Kudos
John_Fleming
Advisor

cool vid.. i'll keep that in mind for my next helicopter tour for sure. What is the Colosseum? That looked pretty amazing.

Wasn't saying a single pic that encompassed everything, just like a here is a local pic. I'm in miaimi beach and besides pending doom we have a lot of kids on holiday in town. I'll take a pic later tonight to give you an idea.

 

Maybe we should move this to a OT area? 😄

 

OT Thread.. send a local pic from where ever you are!

0 Kudos
HristoGrigorov

@John_Fleming There is more info about that Colosseum:

https://en.wikipedia.org/wiki/Plovdiv_Roman_Stadium

I'd love to see pics from where you are so I am totally fine with thread about that if community admins would permit it.

0 Kudos
PhoneBoy
Admin
Admin

I guess I should create an Off-Topic board for this purpose: https://community.checkpoint.com/t5/Off-Topic/bd-p/off-topic
I'll have to add it to the menu structure so people can find it (under the "More" menu).
HristoGrigorov

Well, 48 users so far... absolutely no problem in handling them... load is same as usual.

0 Kudos
PhoneBoy
Admin
Admin

From a license perspective, according to the datasheet, the 1470 supports 200.
You're covered there at least.
I suspect 70 users should work ok, assuming you have enough bandwidth to support all the users.

In terms of evaluations for Mobile Access Blade on our appliances, we've been giving out extended evaluation licenses for it on request.
0 Kudos
HristoGrigorov

Almost all users are using RDP to access virtual machines in our DC so I think not much bandwidth will be needed for that.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events