Cheers Phoneboy, but we don't do VPN or remote access on the Gateways.

Dose this work if you don't have any free cores though?
eg. a heavily loaded gateway running at 60-70% on all cores, would any cores be available to split up the processing of an elephant flow under these conditions?

We have seen zero change in cpu or memory in any of our some 20 clusters.

Most are open servers, running VSX with 2-50 VS on and only IPS blade is enabled.

Througput ranging from 0-25gbit

/Henrik

I highly doubt you would see any difference in such a scenario even if you upgrade. Just my personal opinion.

Andy

Cheers all, had the feeling that was the case.
Will probably leave off for now then.
Regards,
Jen.

If I were you, I would still upgrade, because R81.20 is 100% better version.

Andy

Keep in mind, R81.10 is only supported for another ~14.5 months. R81.20 gets another 16 months on top of that. If it takes longer than 3-4 months to upgrade your environment, it may be a good idea to start now to ensure you don't run out of runway.

I 100% agree with that statement.

Andy

I would agree with you - and depending the scope of the install base, I would start planning right away to r81.20. We do however see that support dates were extended with r80.40 and r81.10. I would be very surprised if we will not see the same extension with r81.20

As I see it - when a major is released to GA it takes another half year to get the recommended flag. After this date, any serious enterprise would still wait 3-6 jumbo hotfixes until it gets pushed to production - pushing a serious r82 date well into 2025-2026

/Henrik

Totally valid points.

I'm firewall team lead at a Fortune 500. We've had a lot of problems in the past with upgrades getting delayed and delayed and delayed until we're years past the end-of-support date for a particular version, but still running it in production. I've pushed us to get extremely aggressive about deploying new versions. We plan to upgrade some of our environment to R82 as soon as it becomes available (even before it's recommended) specifically because it can take so long to get everything upgraded. We need to have systems running it which we can point to later and say "See, we've been running it here for months and it's fine."

We're about 60% upgraded to R81.20 today, but the tail is extremely long.

Hey Bob,

I am in the exact same position, maybe at a smaller scale with some 500  Virtual Systems which translates to Denmark top 1-3... Ensuring software compliance is tough - but I agree, we are as well jumping on the band wagon on the less critical systems to r82 - simply so we can followup on issues and prepare of any issues

We simply need to progress or stay behind.

I think its definitely the mentality of most people managing other major fw vendors, sometimes, not so easy to keep up : - (

HyperFlow prioritizes total throughput over a single connection, it will only trigger if the overall system utilization is under 60%.

Thats good to know, was not aware of 60% statement.

Andy

That also leads me to somewhat, apologies if it may sound like a silly question, but how do you exactly determine overall system utilization? I never heard of command to check that, unless there is something in cpview Im not aware of...

Best,

Andy

Dynamic Balancing controls when HyperFlow is triggered, it already has the averages of FW/SND cores.

Similarly to Dynamic Balancing, CPView also queries each core utilization, and shows the averages of FW/SND cores in the CPU tab. 

Gotcha. I was more thinking of more cpu/memory/system load average.

Andy