This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kaspars_Zibarts
Employee Employee
Employee
‎2022-02-25 02:15 AM

DOS rate limiting real life performance

Just wanted to hear from those who have deployed DOS rate limiting option (How to configure Rate Limiting rules for DoS Mitigation (R80.20 and higher) )

I realise that FWs are not really DDOS appliances and are not there to prevent such attacks but it would be interesting to hear if you have worked and seen CP DOS rate limiter in action!

We had some "real life tests" recently on 23800. That was proper UDP volume attack in attempt to fill the internet pipe. 

We have 16 SXL cores (HT), running R80.40 T139. normally carrying < 1M pps. Attack pushed it to 18Mpps and FW survived. Of course internet connectivity was a bit patchy due to RX-DRP on interface. SXL cores were pushed to 100% understandably. One before was little milder at 7Mpps and FW feared better than. Graph below shows half of the incoming packet rate

image.png

 

 

 

Here's just a sample of one SXL core CPU load:

image.png

 

 

The feeling I get is that with current 16 SXL core setup we could probably survive 5Mpps  without any problems.

Just to be clear - I refer to packets per second, bit bits 🙂

Anyone else has played with DOS rate limiter? Are you "happy" with it?

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2022-02-27 04:08 PM

The rate limiter is there to help the appliance handle volumetric DDOS situations...better.
It's not going to fully mitigate a DDOS, but can be useful as a part of an overall strategy.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events