Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jessica_Nowak
Explorer

Sizing for Video Streaming

Hello!

I have a question regarding adding a new traffic to a existing Checkpoint Infrastructure. My customer have 2 Checkpoint 12600 appliances with one VSX instance in each appliance (HA Architecture). They have an average og 600Mbps passing through the firewall with peaks of 800Mbps. They want to add a 100Mbps video streaming (TV channel) traffic to the exisiting traffic, 24x7 streaming HD video.

How can I know if the firewalls will support the new traffic? 

Thinks to take ito account:

1) My customer wants to stay with the HA configuracion, no VSLS.

2) They want to create a new VS instance only for this traffic.

3) The traffic will just flow in one direction (Internet to a server protected my Checkpoint) will this be a problem for the Firewall?

4) Currently the node with the Active VS has this performance: 55% CPU utilization, 50% Memory Utilization.

5) Only the firewall blade is active, no IPSm no URL Filtering, etc.

Another question that I have is: Why is the 12600 in that high utilization with just 800Mbps traffic when the datasheet says that it can suppot till 14Gbps with just Firewall activited?

Thanks a lot for your help!

P.S.: I'm attaching the performace report we extracted form the CPView DB.

2 Replies
PhoneBoy
Admin
Admin

You might want to rename the attachment attached to your message since it gives away the customer name.

Also, you can merely paste the screenshots directly in the message as well.

In general, a lot of things can impact the observed performance on a Security Gateway, including running VSX Smiley Happy

Also the version you're running, which was not stated in your original message.

Traffic flows can play a big role in what your appliance is able to pass.

For example, a single flow between one source and one destination can be a limiting factor (a so-called elephant flow) on a given flow (not the overall capacity of the box).

That said, at least with the limited data you provided, I don't see a major issue adding another VS to handle a specific traffic flow (specifically one that is 100mb).

Jessica_Nowak
Explorer

Thanks a lot Dameon!

What other information do you requiere to be precise with your answer?

0 Kudos
Reply