This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ak4020
Contributor
‎2021-01-04 07:17 AM
Jump to solution

Question RAD DNS Traffic

hello everyone, does anyone have experience with 200 mbit / s with active threat prevention and DNS response time?

0 Kudos
2 Solutions

Accepted Solutions
ak4020
Contributor
‎2021-01-04 07:43 AM
Jump to solution

whether gaia is basically able to handle pure dns traffic with active blades bpa 200mbit / s

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin
‎2021-01-04 11:27 AM
In response to ak4020
Jump to solution

Datasheet (Gen V throughout) says that should be no issue.
See: https://www.checkpoint.com/datasheets/6200-security-gateway-datasheet/

However, always a good idea to validate the precise configuration with your local Check Point SE.

View solution in original post

0 Kudos
10 Replies
Chris_Atkinson
Employee Employee
Employee
‎2021-01-04 07:41 AM
Jump to solution

What's the specific question?

Default settings typically aim to mitigate latency/timeouts per sk89340

CCSM R77/R80/ELITE
0 Kudos
ak4020
Contributor
‎2021-01-04 07:43 AM
Jump to solution

whether gaia is basically able to handle pure dns traffic with active blades bpa 200mbit / s

0 Kudos
Vincent_Bacher
Advisor
Advisor
‎2021-01-04 07:52 AM
In response to ak4020
Jump to solution

Wouldn't the number of DNS requests per second with active anti-bot/DNS malware trap be more interesting than the pure bandwidth generated by the requests?

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2021-01-04 07:49 AM
Jump to solution

I would recommend taking the appliance / solution sizing up with your local office and SE for validation.

CCSM R77/R80/ELITE
0 Kudos
ak4020
Contributor
‎2021-01-04 07:52 AM
Jump to solution

we just got poc hardware, 4000 appliance .. but before we start i thought i should ask if someone has experience whether cp can handle so much dns traffic in principle / has experience

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2021-01-04 08:01 AM
In response to ak4020
Jump to solution

4000 series appliances are old (2 generations behind), newer hardware is recommended.

CCSM R77/R80/ELITE
0 Kudos
ak4020
Contributor
‎2021-01-04 07:55 AM
Jump to solution

Unfortunately I only have the traffic - but you can hear that there are very many

0 Kudos
ak4020
Contributor
‎2021-01-04 08:03 AM
Jump to solution

sorry sg6200 - confused it with past stuff

0 Kudos
PhoneBoy
Admin
Admin
‎2021-01-04 11:27 AM
In response to ak4020
Jump to solution

Datasheet (Gen V throughout) says that should be no issue.
See: https://www.checkpoint.com/datasheets/6200-security-gateway-datasheet/

However, always a good idea to validate the precise configuration with your local Check Point SE.

0 Kudos
ak4020
Contributor
‎2021-01-04 11:35 AM
In response to PhoneBoy
Jump to solution

thanks a lot - the problem is nobody has experience here in our country with this special situation, but i just start the poc then we'll get smarter, thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top