Re: Check Point sizing solution for VMware.

Oleg_Khomutinin · ‎2018-12-02

Hello Check Point community,

I really interest sizing concept, especially for virtual infrastructure environment based on VMware. Unfortunately I haven't access to the sizing tool for analyze suitable HW models then grab from them technical characteristics and prepare the same one on VMware. For me It need to calculate adequate costs for licensing and subscription NGTP packet, cause as I understand more cores->more money :-). And I need to find out better balance between them.

interest it firewall requirements, we will use:

1.blades: Firewall, Identity Awareness, Application Control, URL Filtering, Anti-Virus, Anti-Bot.

2.Distributed deployment model

3.VMware infrastructure.

4.No clustering

For this solution we are really interest parameters (CPU, Memory, Disk Space) which better to put (for firewall only, SMS is centralize and already installed):

Option 1: Less that 50 users

Option 2: Less that 100 users

Option 3: Less that 200 users

Option 4: less than 400 users.

Check point gateways we are use only as access this users to Internet and nothing more.

Really appreciated if you share some recommendations/ideas for all four options.

I already investigated CP documentation with minimum parameters as well: TAGS ARE REQUIRED --> Check Point Software Technologies: Download Center

PhoneBoy · ‎2018-12-02

The requirements for memory and disk space are listed in the Release Notes for the version you wish to run.

Those don't really change much.

For a couple hundred users or less, two cores may be sufficient (minimum allowed, I believe).

You'll probably want four cores for 400 users.

However, the above are just rough guesstimates and don't take into account your Internet throughput, which might suggest you need more cores.

I recommend you have a more detailed conversation with your local office to refine these recommendations.

Oleg_Khomutinin · ‎2018-12-03

Thank you for answer, we are plan to use no more than 50 Mbps for each branch location.

Gomboragchaa · ‎2018-12-02

Virtual Software security gateways are licensed by CPU core and license starts from 2 core.

I would suggest contact local reseller/partner.

They can provide more detailed information and suggest suitable model(license)

_Val_ · ‎2018-12-03

Sizing depends on many things, not only on amount of users. Most importantly, required Software Blades make a difference. Although Appliance Sizing tool does not work for VMware, you still can assess the needs by looking at the highest appliance recommended for your case and then "translate" its HW details into VMware. Mind that Vmware based SG will share resources with other entities and thus will be slower that a dedicated appliance.

I would recommend for cases 1 to 3 8 GB RAM and 2 CPUs. Case will need 4 cores minimum and probably 16 GB or RAM.

Also, your link to some document does not work for anyonee else but yourself, but I guess you were referring to R80.10 Release Notes.

Benoit_Verove · ‎2018-12-03

Hi,

When sizing a VM solution, I usely translate the capacities of an HA appliance.

However, for a VM, it is also important to size the IOPS needs. For now, I've never seen any document that could help.

Any advices for defining IOPS ?

Regards,

Benoit

_Val_ · ‎2018-12-03

Have you seen this: Best Practices - Performance Optimization of Security Management Server installed on VMware ESX Virt... ?

Pablo_Barriga · ‎2018-12-06

The important part is the hardware, this help me try to understand if my esx host will support that traffic.

Oleg_Khomutinin · ‎2018-12-07

Hi Pablo, can you send the link to this document please?

Pablo_Barriga · ‎2018-12-08

Hello Oleg I found it in the public cloudguard site, I’m looking forward for and r80.10 or r80.20 updated information. I used the aws cloudguard performance also for sizing