I've got an issue which I've been banging my head on, without much success. I'm running a PoC of a Checkpoint appliance on vSphere 6.5.
- R80.10 GA Take 121
- 8 vCPU's
- CoreXL is enabled with 6 instances
- 8 GB RAM
- Checkpoint VM has 2 x VMXNet3 NICs
- Physical Host has 2 x 10Gb NICs, Configured as Active / Standby inside vSphere
- Tested with 15 day trial license as well as actual license
- Only the firewall blade is enabled (no IPS, AV etc.)
- Appliance deployed with the ISO - busy downloading the "R80.10 vSEC Virtual Edition (VE) Gateway in Network Mode" OVF to also test with.
The issue I have is that all traffic across and to the firewall seems to be capped at 100Mb/s. Testing across the firewall is done with Iperf and I tested traffic to the firewall uploading a file using SCP. Using CPView I can see that during athroughput testing load & interrupts are split fairly equally across the cores, and no single core is close to being maxed out. CPView also does not report any Interface incoming drops or Instance high CPU issues.
I've spun up many virtual lab / testing environments without issue, so my first thought was that this was a physical host / vSphere issue, in order to eliminate that I spun up two Windows boxes on the same physical host as my CP appliance, connected to the same vSwitches and tested transfers with those. Throughput is as expected, with the VM's able to pretty much saturate the 10GB links.
At this point in time I feel like I'm missing something very simple, but for the life of me I can't figure it out. Any and all advice is very much appreciated.