Can you have a total of 8GB memory in a 2200 appliance?
Can you install R80.10 on this appliance?
Even if you could put 8GB of RAM in a 2200 (which, as far as I know, you can't), I wouldn't recommend running a 2200 standalone (with management on same appliance).
You can run R80.10 on a 2200 as an externally managed gateway, however.
This is documented in the R80.10 release notes.
I've seen R80.10 installed as standalone setup on a 3200 appliance, which has 8GB of RAM and is the successor to the 2200 appliance. It was significantly slowing down the overall appliance performance, just by having the firewall and VPN blade activated, so that I wouldn't recommend standalone setups on any entry level enterprise appliances.
The R80.10 software has restrictions programed not allowing you to install the management component on a 2200 GW.
I would not recommend to put gateway and management on the same machine. Not in ANY environment.
I did do this in my lab sometimes in the past. But with R80 upwards I always use a seperate management system.
On R80.10 version, You can't check Security Management options on 2200 appliance during First Time Configuration wizard. The only option left is Security Gateway. So, Checkpoint appliance 2200 model doesn't support Security Management component for Gaia R80.10 version.
However in R77.30 version, you have all three options
-- Make it only Security Gateway
-- Make it only Security Management
-- Or, Make it both (Standalone)
But, if you moved to little bit higher model viz. Checkpoint 3200 model. It gives you all three options.
If we upgrade 2200 Appliance to R80.10 as only Gateway then how much memory will be utilize by system. does anyone has stats after R80.10 upgrade. One of my customer is using 2200 want to install R80.10 but not sure how much memory will be utilize. pls suggest.
Current stats: -
[Expert@FW1:0]# fw tab -t connections -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost connections 8158 4372 10423 13090
[Expert@FW1:0]# free -m
total used free shared buffers cached
Mem: 3973 3826 147 0 280 2517
-/+ buffers/cache: 1028 2944
Swap: 10268 0 10267
[Expert@FW1:0]# fw ctl pstat
System Capacity Summary:
Memory used: 11% (189 MB out of 1587 MB) - below watermark
Concurrent Connections: 17% (4388 out of 24900) - below watermark
Aggressive Aging is not active
I completed this upgrade last year and ran the commands above on our gateway as well as top, the performance has been much better and we never max out memory or CPU now. Stability has also been much improved. The only request I'd have of CheckPoint is to come up with a reasonable process for taking standalone 2200's and merging the SMS database into a pre-existing SMS thereby allowing the 2200 to run as an R80.10 gateway. When I did the upgrade I had to manually create the firewalls database on our Management server myself and it took a lot of hours. Anything else you'd like to see/know?
[Expert@FW1:0]# fw tab -t connections -sHOST NAME ID #VALS #PEAK #SLINKSlocalhost connections 8158 1028 7628 4034[Expert@FW1:0]# free -m total used free shared buffers cachedMem: 3973 3449 524 0 196 972-/+ buffers/cache: 2280 1693Swap: 10268 0 10268[Expert@FW1:0]# fw ctl pstat
System Capacity Summary: Memory used: 30% (470 MB out of 1534 MB) - below watermark Concurrent Connections: 1123 (Unlimited) Aggressive Aging is enabled, not active
Hash kernel memory (hmem) statistics: Total memory allocated: 448790528 bytes in 109568 (4096 bytes) blocks using 196 pools Initial memory allocated: 159383552 bytes (Hash memory extended by 289406976 bytes) Memory allocation limit: 804257792 bytes using 512 pools Total memory bytes used: 0 unused: 448790528 (100.00%) peak: 587142708 Total memory blocks used: 0 unused: 109568 (100%) peak: 145192 Allocations: 3765085848 alloc, 0 failed alloc, 3762303145 free
System kernel memory (smem) statistics: Total memory bytes used: 626696880 peak: 733426184 Total memory bytes wasted: 27397221 Blocking memory bytes used: 4086060 peak: 19018372 Non-Blocking memory bytes used: 622610820 peak: 714407812 Allocations: 46051277 alloc, 109 failed alloc, 46047657 free, 0 failed free vmalloc bytes used: 30869176 expensive: yes
Kernel memory (kmem) statistics: Total memory bytes used: 359917460 peak: 752023468 Allocations: 3811076710 alloc, 0 failed alloc 3808291599 free, 0 failed free External Allocations: 448656 for packets, 44725397 for SXL
Cookies: 1174976262 total, 0 alloc, 0 free, 17304355 dup, 1920615493 get, 437903700 put, 2122389471 len, 220468 cached len, 0 chain alloc, 0 chain free
Connections: 66999510 total, 38090191 TCP, 28216368 UDP, 692951 ICMP, 0 other, 0 anticipated, 38647 recovered, 1123 concurrent, 8012 peak concurrent
Fragments: 343363 fragments, 48433 packets, 1609 expired, 0 short, 0 large, 9 duplicates, 0 failures
NAT: 139471349/0 forw, 70947150/0 bckw, 202473015 tcpudp, 2239881 icmp, 56256377-56001125 alloc
[Expert@FW1:0]# toptop - 11:51:16 up 187 days, 15:30, 1 user, load average: 0.58, 0.94, 0.63Tasks: 139 total, 2 running, 137 sleeping, 0 stopped, 0 zombieCpu(s): 0.7%us, 0.7%sy, 0.0%ni, 92.5%id, 0.0%wa, 0.2%hi, 6.0%si, 0.0%stMem: 4068948k total, 3074932k used, 994016k free, 201120k buffersSwap: 10514532k total, 76k used, 10514456k free, 842892k cached
Retrieving data ...