This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jennifer_Wilson
Contributor
‎2024-03-06 03:16 AM

Experience on converting a high load Gateway HA cluster to VSX?

Just wondering what peoples thoughts are on converting a Security Gateway HA cluster that is currently under high load to VSX?

Have a pair of 16200s in HA active/passive cluster running R81.10 latest recommended JHF, with a separate Management/logging server.
It's currently running 60-75% peak loads throughout the day, and is running IPS, Threat Prevention, URL App Control, HTTPS Categorization on most traffic (multi Gigabit loads).

Have been asked as part of an project to have the Checkpoints support VRF by using VSX. 

I've read up on the site on VSX conversions and looked at the documentation but would like to hear any real world experience of what sort of extra load on the Gateway might happen because of VSX itself? 1%? 5%? 10%? etc.
And if their are any No No's? or Gotchas I would need take care of and look out for.
Regards,
Jen.

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee
‎2024-03-06 04:25 AM

Which major version is the system operating with?

~12% overhead for systems running VSX as a guide.

Note also that there is a maximum amount of cores that you can assign to an individual VS, currently this is less than the total cores that a 16200 has available if you need to configure a large VS.

CCSM R77/R80/ELITE
0 Kudos
Lesley
Advisor
‎2024-03-06 05:07 AM

Hi,

Pro would be you can run VSX in VSLS. So example: run 1 VS on one hardware and the other VS on other hardware unit.

Then you have twice the power. BUT if one unit fails all the load will end up on one unit. 

I think it is only worth if you are planning to run a couple of VS system. If there is only one then whats the point 🙂 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
‎2024-03-06 05:49 AM

Last time I did this was back in R77 versions, not afterwards. One thing to keep in mind is that when it comes to VSX, you can NOT assign same core to more than one VS, plus it would be another core to VS0, which they call management plane, I believe.

Best,

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-03-06 05:55 AM

Hey Jen,

Forgot to add below, this should help as well.

Best,

Andy

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_VSX_AdminGuide/Topics-VSXG/C...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events