Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
phlrnnr
Advisor

New 6000 series appliances

Has anyone gotten their hands on the new 6000 series appliances yet?  If so, what are your thoughts about them?  The pricing / performance looks pretty good.  I'd like to hear some feedback from anyone who has had a chance to play with them already.

18 Replies
PhoneBoy
Admin
Admin

The 6000 series appliances were only available to order from February 1st.

Possible a few people have them in hand now. 

Hardware-wise, they are definitely a step up from the previous generation of appliances thanks to Moore's Law Smiley Happy

phlrnnr
Advisor

Will these new appliances support the “falcon” cards?

Also, from a hardware standpoint are they pretty much variants of the same hardware platform as the 5000 series with just newer / faster processing cores?  Or are there other differences in the 6000 series from an architectural standpoint? (For example - integrated HTTPS decryption offload ASICs)
PhoneBoy
Admin
Admin

Not 100% sure they will run the Falcon cards, but they are supposed to accept the same Line Cards as the 5000 series.

Likewise they have newer/faster processing cores, but no special ASICs or similar. 

Aidan_Luby
Collaborator

Hey @PhoneBoy ,

 

Are you guys working on nested replies? The current format is making it hard to follow multiple conversations within a thread.

PhoneBoy
Admin
Admin

It's in the list of things we're working on, yes.
Timothy_Hall
Legend Legend
Legend

If anyone has gotten their hands on some 6000 series firewalls, could you please run a cat /proc/cpuinfo on them and PM me the results?  Curious to see what processors they have and whether they support hyperthreading and/or AES-NI.  Thanks!

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Aidan_Luby
Collaborator

They must have hyperthreading based on the datasheet.

 

65006800.PNG

0 Kudos
Maarten_Sjouw
Champion
Champion

The 6500 is in transit at the moment, tomorrow I'll be able to run it.
Regards, Maarten
0 Kudos
Maarten_Sjouw
Champion
Champion

The output on a CPAP-SG6500-Plus, like this but then 8 times:
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel(R) Core(TM) i7-4790S CPU @ 3.20GHz
stepping : 3
cpu MHz : 3192.821
cache size : 8192 KB
physical id : 0
siblings : 8
core id : 0
cpu cores : 4
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx pdpe1gb rdtscp lm constant_tsc pni monitor ds_cpl vmx smx est tm2 cx16 xtpr popcnt lahf_lm altmovcr8
bogomips : 6389.97
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

This Plus version also comes with 32GB memory.
Regards, Maarten
Timothy_Hall
Legend Legend
Legend

Great, thanks!

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Peter_Kassman
Explorer

From a CPAP-SG6800-PLUS 

processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 79
model name : Intel(R) Xeon(R) CPU E5-2640 v4 @ 2.40GHz
stepping : 1
cpu MHz : 2394.576
cache size : 25600 KB
physical id : 0
siblings : 20
core id : 0
cpu cores : 10
fpu : yes
fpu_exception : yes
cpuid level : 20
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss h t tm syscall nx pdpe1gb rdtscp lm constant_tsc pni monitor ds_cpl vmx smx est tm2 cx16 xtpr popcnt lahf_lm altmovcr8 misalignsse
bogomips : 4792.86
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:

and repeat x20

Aidan_Luby
Collaborator

I'm extremely excited about the release of the 6000 series processors. We were looking at replacing our 4600 cluster and were suggested 5200 or 5400's but I really wanted to jump to the 5600 series so that we'd get the benefits of four cores which allows us to get more optimization in the future by changing the layout of our SND cores if necessary.

 

The release of the 6500 will allow us to get hyperthreading as well which gives us more opportunity for tuning later as well among other improvements. Although the timing of the release definitely made me expect a newer CPU architecture than the 2016 appliances.

0 Kudos
Ryan_St__Germai
Advisor

Why use a CPU from 2014 in the 6500?
HeikoAnkenbrand
Champion Champion
Champion

Is there no aes-ni enabled in the BIOS?

CUT>>>

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx pdpe1gb rdtscp lm constant_tsc pni monitor ds_cpl vmx smx est tm2 cx16 xtpr popcnt lahf_lm altmovcr8

<<<CUT

I cann't see  any  aes cpu flag.

Hmmmm...

 

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Timothy_Hall
Legend Legend
Legend

AES-NI support is certainly there in Intel's specs for that processor, can't understand why it would be off in the BIOS:

https://ark.intel.com/content/www/us/en/ark/products/64591/intel-xeon-processor-e5-2640-15m-cache-2-...

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Aidan_Luby
Collaborator

Did anyone find out why AES-NI is turned off? Will this be resolved soon or can it be done somehow by the customer?

Timothy_Hall
Legend Legend
Legend

Only thing I can figure is that 6000 series is using pretty new processor hardware, and perhaps AES-NI is not yet supported by the Gaia 2.6.18 kernel on that new hardware.  If this is the case it is not documented anywhere I can find.  Wonder if it is related to this:

https://community.checkpoint.com/t5/General-Management-Topics/Problem-with-CPUSE-SCP-and-policy-push...

Edit: Changed post to reflect that the 6000 series is NOT required to use the new 3.10 kernel with R80.10-R80.30, at least at this time.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Timothy_Hall
Legend Legend
Legend

It isn't off, AES-NI is being actively utilized but you just can't detect it anymore in R80.40.  See sk170779: AES-NI commands no longer work in R80.40

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events