This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sunandan_Banerj
Employee Alumnus
Employee Alumnus
‎2019-03-18 05:59 AM
Jump to solution

IPSec VPN Tunnel & SSL VPN user capacity

Hi,

I am working on an important RFP and need the following clarification on IPsec and SSL VPN -

1. How many Site-to Site VPN does CP 23500 and CP 15600 support ?

2. How many SSL VPN concurrent users does CP 23500 & CP 15600 support ?

A quick response is highly appreciated.

Regards,

Sunandan

 

0 Kudos
1 Solution

Accepted Solutions
Sunandan_Banerj
Employee Alumnus
Employee Alumnus
‎2019-03-19 10:16 PM
In response to Jerry
Jump to solution

I got reply from Solution Center and they say -

1. We support up to 55k VPN S2S tunnels. (No difference with ClusterXL).

2. We support up to 20K SSL VPN concurrent users with 64GB of RAM.

This is for both 23500 & 15600. This is FYI.

View solution in original post

11 Replies
Jerry
Mentor
Mentor
‎2019-03-18 06:07 AM
Jump to solution

https://www.checkpoint.com/downloads/products/check-point-appliance-comparison-chart.pdf
Jerry
0 Kudos
Sunandan_Banerj
Employee Alumnus
Employee Alumnus
‎2019-03-18 06:10 AM
In response to Jerry
Jump to solution

Hi Jerry,

Our appliance comparison chart does not give the number of VPN tunnels and SSL VPN concurrent users.

Thanks/Sunandan

0 Kudos
Jerry
Mentor
Mentor
‎2019-03-18 06:16 AM
In response to Sunandan_Banerj
Jump to solution

yes sorry 😞 I was wrong. I bet there are some charts for the SSL/IPSec numbers ... just digging out my documentation as well as CP Support Site. I do not have this handy but I bet Google helps 🙂
Jerry
0 Kudos
Jerry
Mentor
Mentor
‎2019-03-18 06:36 AM
Jump to solution

ok. I couldn't find that information for you I'm so sorry. I think you'll be better off asking Pre-Sales guys from CP or even PS or TAC. They must have that information handy, I have somehow lost that PDF's somewhere but essentially those numbers depends very much of the hardware capacity of the device + license model for MAB and IPSec VPN. IPSec wise I guess 23xxx and 15xxx has very much about 5k users íf I'm not mistaken whilst MAB depends if you license and hardware match. Not sure what else can justify my lack of memory on that I'm so sorry Dear Employee 🙂
Jerry
0 Kudos
Sunandan_Banerj
Employee Alumnus
Employee Alumnus
‎2019-03-18 07:44 AM
In response to Jerry
Jump to solution

No problem Jerry.

I would wait for some reply from other expert.

Thanks/Sunandan

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-03-18 08:01 AM
Jump to solution

I fear that an answer to your question will at least start with: It does depend ! In theory, VPN tunnel and SSL User numbers are limited by size of corresponding kernel tables - but in real life, the needed traffic throughput, enabled Blades, IPS/TP profile and rule set as well as a lot more have to be taken into consideration !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Jason_Elmore1
Participant
‎2019-03-18 09:20 AM
Jump to solution

We have an HA pair of 15600's and I currently have 62 ipsec site-to-site VPN tunnels active and have had more.  We have a few sites down at the moment.  We use a separate product for SSL VPN.

 

These are set up mostly with Check Point 1100's and some 1430's, not a lot of users at each site.

 

Jason

0 Kudos
Jason_Elmore1
Participant
‎2019-03-18 09:53 AM
In response to Jason_Elmore1
Jump to solution

Should have said in this post, we also ran this setup on an HA pair 4800's as well. We just upgraded last year.
0 Kudos
Jerry
Mentor
Mentor
‎2019-03-18 10:00 AM
In response to Jason_Elmore1
Jump to solution

23500 and 15600 supports in 100% more than than.
I'd even risk saying that 300 IPSec SA's should be easy-peasy.
If more - as Guenter mentioned - all depends but I'd strongly recommend you to try this first and make sure that in "vpn tu" tool you see all SA's established (with SPI listed).
15600 is one of the newer appliances and I have doubts it won't cope (wether HA or Single) with at least 300-400 VPN Tunnels at least.
Other than that I think that the UPLINK capacity also matters and just assuming it isn't a limitation you really don't need to worry about those numbers. That's just my "5 cents" mate.
Jerry
0 Kudos
Sunandan_Banerj
Employee Alumnus
Employee Alumnus
‎2019-03-19 10:16 PM
In response to Jerry
Jump to solution

I got reply from Solution Center and they say -

1. We support up to 55k VPN S2S tunnels. (No difference with ClusterXL).

2. We support up to 20K SSL VPN concurrent users with 64GB of RAM.

This is for both 23500 & 15600. This is FYI.

Carlos_Diaz
Employee
Employee
‎2020-02-06 06:48 AM
In response to Sunandan_Banerj
Jump to solution

Experts

 

I have the same problem, I have an RFP with a similar reference

I need to know in perfect traffic conditions is it possible to support more than 5,000 Site to site and Client to site tunnels for a 6600

and 10,000 site to site and client to site for a 6800.

I hope somebody could help us.

 

maybe somebody from solution center.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events