This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HighBandwidth
Explorer
‎2022-03-31 02:23 AM

Multiple tunnels to Azure to increase throughput

We have a requirement for on prem hosts to pump out >3Gbps of traffic to a private endpoint in Azure via an IPSEC VPN, R81.10 on prem to a Virtual Network Gateway in Azure.  The max throughput per connection on a virtual network gateway is 1.25Gbps so I need to know the best way to split this traffic in to multiple tunnels if anyone has done this?

Internal traffic will be coming from 4 x different subnets so I can use that as the internal encryption domain and create 4 x connections, but not sure if this will work?  Would I need to use 4 x different public IP addresses on the Checkpoint side so that the Azure gateway thinks it is 4 x separate sites or do I need 4 x vpn gateways in azure?

 

Anybody done this kind of thing before?

 

 

Labels
0 Kudos
3 Replies
_Val_
Admin
Admin
‎2022-03-31 03:59 AM

Moved to Cloud section.

 

Now, where is your bottleneck, do you know? I would assume it is on the cloud side, so having four cloud GWs is probably the best approach.

0 Kudos
HighBandwidth
Explorer
‎2022-03-31 04:44 AM
In response to _Val_

The limitation is at the cloud side yes, you can get a VPN gateway that will support up to 5Gbps but that is an aggregate, you can only have up to 1Gbps per tunnel.  So we either need multiple tunnels on a suitable gateway or multiple gateways.

0 Kudos
Shay_Levin
Admin
Admin
‎2022-03-31 05:33 AM

On a physical gateway, we use spi distribution mechanism which allows us to run each tunnel (source/destination) on a different core.

On Azure, we can't activate this feature so all the tunnels will process on the same core which will limit the throughput.

Besides that, you should take into consideration the throughput limitation on cloud deployment, would be a combination of latency, jitter, Internet traffic conditions, and your application behavior.

For your throughput requirement, I would consider Azure ExpressRoute instead of VPN.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events