Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sunandan_Banerj
Employee Alumnus
Employee Alumnus

IPSec VPN Tunnel & SSL VPN user capacity

Jump to solution

Hi,

I am working on an important RFP and need the following clarification on IPsec and SSL VPN -

1. How many Site-to Site VPN does CP 23500 and CP 15600 support ?

2. How many SSL VPN concurrent users does CP 23500 & CP 15600 support ?

A quick response is highly appreciated.

Regards,

Sunandan

 

0 Kudos
1 Solution

Accepted Solutions
Sunandan_Banerj
Employee Alumnus
Employee Alumnus

I got reply from Solution Center and they say -

1. We support up to 55k VPN S2S tunnels. (No difference with ClusterXL).

2. We support up to 20K SSL VPN concurrent users with 64GB of RAM.

This is for both 23500 & 15600. This is FYI.

View solution in original post

0 Kudos
11 Replies
Jerry
Leader
Leader
0 Kudos
Sunandan_Banerj
Employee Alumnus
Employee Alumnus

Hi Jerry,

Our appliance comparison chart does not give the number of VPN tunnels and SSL VPN concurrent users.

Thanks/Sunandan

0 Kudos
Jerry
Leader
Leader
yes sorry 😞 I was wrong. I bet there are some charts for the SSL/IPSec numbers ... just digging out my documentation as well as CP Support Site. I do not have this handy but I bet Google helps 🙂
Jerry
0 Kudos
Jerry
Leader
Leader
ok. I couldn't find that information for you I'm so sorry. I think you'll be better off asking Pre-Sales guys from CP or even PS or TAC. They must have that information handy, I have somehow lost that PDF's somewhere but essentially those numbers depends very much of the hardware capacity of the device + license model for MAB and IPSec VPN. IPSec wise I guess 23xxx and 15xxx has very much about 5k users íf I'm not mistaken whilst MAB depends if you license and hardware match. Not sure what else can justify my lack of memory on that I'm so sorry Dear Employee 🙂
Jerry
0 Kudos
Sunandan_Banerj
Employee Alumnus
Employee Alumnus

No problem Jerry.

I would wait for some reply from other expert.

Thanks/Sunandan

0 Kudos
G_W_Albrecht
Legend
Legend

I fear that an answer to your question will at least start with: It does depend ! In theory, VPN tunnel and SSL User numbers are limited by size of corresponding kernel tables - but in real life, the needed traffic throughput, enabled Blades, IPS/TP profile and rule set as well as a lot more have to be taken into consideration !

0 Kudos
Jason_Elmore1
Explorer

We have an HA pair of 15600's and I currently have 62 ipsec site-to-site VPN tunnels active and have had more.  We have a few sites down at the moment.  We use a separate product for SSL VPN.

 

These are set up mostly with Check Point 1100's and some 1430's, not a lot of users at each site.

 

Jason

0 Kudos
Jason_Elmore1
Explorer
Should have said in this post, we also ran this setup on an HA pair 4800's as well. We just upgraded last year.
0 Kudos
Jerry
Leader
Leader
23500 and 15600 supports in 100% more than than.
I'd even risk saying that 300 IPSec SA's should be easy-peasy.
If more - as Guenter mentioned - all depends but I'd strongly recommend you to try this first and make sure that in "vpn tu" tool you see all SA's established (with SPI listed).
15600 is one of the newer appliances and I have doubts it won't cope (wether HA or Single) with at least 300-400 VPN Tunnels at least.
Other than that I think that the UPLINK capacity also matters and just assuming it isn't a limitation you really don't need to worry about those numbers. That's just my "5 cents" mate.
Jerry
0 Kudos
Sunandan_Banerj
Employee Alumnus
Employee Alumnus

I got reply from Solution Center and they say -

1. We support up to 55k VPN S2S tunnels. (No difference with ClusterXL).

2. We support up to 20K SSL VPN concurrent users with 64GB of RAM.

This is for both 23500 & 15600. This is FYI.

View solution in original post

0 Kudos
Carlos_Diaz
Employee
Employee

Experts

 

I have the same problem, I have an RFP with a similar reference

I need to know in perfect traffic conditions is it possible to support more than 5,000 Site to site and Client to site tunnels for a 6600

and 10,000 site to site and client to site for a 6800.

I hope somebody could help us.

 

maybe somebody from solution center.

0 Kudos