Hi checkmates,
To understand the basis of the test numbers you can review the white paper available here:
https://pages.checkpoint.com/enterprise-security-performance.html
Additional consideration should be given to the volume of SSL/TLS traffic to be inspected if enabled.
Hi Chris,
Interesting article; however, it explains the basis of the test numbers as you said, but it doesn’t address my doubts. But if we take the appliance sizing tool and manual sizing, the tool has two key inputs: gateway total throughput and number of users. I am surprised that the utility asks for the number of users instead of the number of concurrent connections. And on the other hand, what number do we have to type for the gateway total throughput? The sum of all the gateway interfaces’ bandwidth? The Internet bandwidth?
Regards,
Julian
The tool is intended to be simple to use; from the number of users provided we can derive the other data for a typical use case based on some assumptions.
If you have advanced requirements, please discuss those with your local SE, who can if necessary liaise with Solution Center for a detailed sizing analysis based on a current appliance model. For concurrent connections, memory population is typically the concern.
1. Up to the stated datasheet figure depending upon your installed version, configuration and traffic profile/mix.
2. Possibly higher and approaching the NGFW firewall figure in some cases, again depending on your unique deployment scenario and if things like deep archive scanning or SSL inspection are enabled (impacts performance).
3. Reference the threat prevention performance metrics in such a case. Technologies such as "fast accel" can assist with extracting the most performance for specific trusted flows.
4. IPSec VPN throughput with AES-128 (AES-NI compatible algorithms are used for optimal results.)
There's one more thing you need to consider - all those numbers are MAX, when CPUs have been pushed to the limit. In your daily life you don't want your appliance running at 99% CPU and having no headroom for any "bumps". Halve the numbers for a realistic approach.
To give you a real-life example from the same series - 5900. We run all blades but threat extraction, and the box at 100% CPU probably would meet the datasheet numbers, roughly 7Gbps. But I would never allow it to go that far. Normally we start planning upgrades at 50% CPU as it gives us sufficient time to plan and implement.
Pure FW throughput - I have actually never seen any appliance getting anywhere near the advertised numbers in real life, I'm afraid. We have a bunch of mid and high end appliances and at best I would say we could squeeze out about half of the advertised FW throughput.
With Check Point it is a big "guesstimation" when it comes to sizing. It all depends on the traffic mix you have and your own experience / gut feeling. 🙂
Thank you guys for your answers! Much more clear 😊
Hi,
This is an excerpt of the 5900 series datasheet:
Why does Check Point give the values under Ideal Testing Conditions if they are not very useful? Why are the connections per second and concurrent connections parameter values only given under Ideal Testing Conditions and not under more realistic Enterprise Testing Conditions like the others?
Regards,
Julián
The values are often used for paper-based comparisons with other vendors' products where similar logic is used.
If a detailed sizing is required, please consult with your SE, as the data will likely also have changed with optimizations in more recent software versions.
That’s a good point, but I still think it would be nice if they gave the max current connections and max connections per second under Enterprise Testing Conditions.
On the other hand, generally in real enterprise networks, what limits firewall performance more, current connections or throughput?
Regards,
Julian
From what I know the max concurrent connections is just limited by RAM of the machine. The connections per second are such a theoretical thing and depend on so many factors that you can't really give a number. I bet you will never ever be somewhere near the 200k connections for that appliance in a real environment. With many enabled blades a 6 Core VM (GCP in my case) is nearly at max utilization with around 3000-5000 connections per second and just 200MBit/s of traffic. With low connections it can also handle 3GBit/s of throughput.
Your last question really depends on where your Firewall is located. If it is handling internet access for many users with Anti Virus, https Inspection etc. you will clearly hit the limit with the connections per second first rather than throughput. In other cases you can easily be limited by throughput.
Thanks for the answer. I thought the number of current sessions was given by the traffic the users are generating, and not by the security features the firewall is using for that traffic (AV, App Control, etc.). Am I wrong?
Concurrent sessions mean (if I'm not wrong) the number of connections in the Firewall Table, so it's just limited by RAM and does not depend on activated features. On our external Firewall (Internet Access for Users) we have the following stats to give you an idea:
80000 concurrent connections
1500 connections per second
1,5GBit/s throughput
Nearly all blades are enabled, https inspection only for about 10% of the connections (but no Threat Emulation)
Our 16 Core Open Server (HPE DL360 Gen10) has an average load of about 25-30% with that setup.
That's ok, I only misunderstood when you said "If it is handling internet access for many users with Anti Virus, https Inspection etc. you will clearly hit the limit with the connections per second first rather than throughput." Thanks for the clarification.
Regards,
Julián
I'm no salesperson, but I can tell you from my experience, 6200 and 6400 are fantastic even for bigger size companies; they perform really well.