This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oleg_Khomutinin
Participant
‎2018-12-02 11:23 AM

Check Point sizing solution for VMware.

Hello Check Point community,

I really interest sizing concept, especially for virtual infrastructure environment based on VMware. Unfortunately I haven't access to the sizing tool for analyze suitable HW models then grab from them technical characteristics and prepare the same one on VMware. For me It need to calculate adequate costs for licensing and subscription NGTP packet, cause as I understand more cores->more money :-). And I need to find out better balance between them.

interest it firewall requirements, we will use:

1.blades: Firewall, Identity Awareness, Application Control, URL Filtering, Anti-Virus, Anti-Bot.

2.Distributed deployment model

3.VMware infrastructure.

4.No clustering

For this solution we are really interest parameters (CPU, Memory, Disk Space) which better to put (for firewall only, SMS is centralize and already installed):

Option 1: Less that 50 users

Option 2: Less that 100 users

Option 3: Less that 200 users

Option 4: less than 400 users.

Check point gateways we are use only as access this users to Internet and nothing more.

Really appreciated if you share some recommendations/ideas for all four options.

I already investigated CP documentation with minimum parameters as well: TAGS ARE REQUIRED --> Check Point Software Technologies: Download Center 

12 Replies
PhoneBoy
Admin
Admin
‎2018-12-02 06:15 PM

The requirements for memory and disk space are listed in the Release Notes for the version you wish to run.

Those don't really change much.

For a couple hundred users or less, two cores may be sufficient (minimum allowed, I believe).

You'll probably want four cores for 400 users.

However, the above are just rough guesstimates and don't take into account your Internet throughput, which might suggest you need more cores.

I recommend you have a more detailed conversation with your local office to refine these recommendations.

0 Kudos
Oleg_Khomutinin
Participant
‎2018-12-03 04:42 AM
In response to PhoneBoy

Thank you for answer, we are plan to use no more than 50 Mbps for each branch location.

0 Kudos
Gomboragchaa
Advisor
‎2018-12-02 06:23 PM

Virtual Software security gateways are licensed by CPU core and license starts from 2 core. 

I would suggest contact local reseller/partner.

They can provide more detailed information and suggest suitable model(license)

0 Kudos
_Val_
Admin
Admin
‎2018-12-03 12:11 AM

Sizing depends on many things, not only on amount of users. Most importantly, required Software Blades make a difference. Although Appliance Sizing tool does not work for VMware, you still can assess the needs by looking at the highest appliance recommended for your case and then "translate" its HW details into VMware. Mind that Vmware based SG will share resources with other entities and thus will be slower that a dedicated appliance. 

I would recommend for cases 1 to 3 8 GB RAM and 2 CPUs. Case will need 4 cores minimum and probably 16 GB or RAM.

Also, your link to some document does not work for anyonee else but yourself, but I guess you were referring to R80.10 Release Notes. 

0 Kudos
Benoit_Verove
Contributor
‎2018-12-03 05:01 AM

Hi,

When sizing a VM solution, I usely translate the capacities of an HA appliance.

However, for a VM, it is also important to size the IOPS needs. For now, I've never seen any document that could help.

Any advices for defining IOPS ?

Regards,

Benoit

0 Kudos
_Val_
Admin
Admin
‎2018-12-03 05:13 AM
In response to Benoit_Verove

Have you seen this: Best Practices - Performance Optimization of Security Management Server installed on VMware ESX Virt... ?

0 Kudos
(1)
Pablo_Barriga
Advisor
‎2018-12-06 08:52 AM

The important part is the hardware, this help me try to understand if my esx host will support that traffic.

Oleg_Khomutinin
Participant
‎2018-12-07 03:38 AM
In response to Pablo_Barriga

Hi Pablo, can you send the link to this document please?

0 Kudos
Pablo_Barriga
Advisor
‎2018-12-08 08:31 AM
In response to Oleg_Khomutinin

Hello Oleg I found it in the public cloudguard site, I’m looking forward for and r80.10 or r80.20 updated information. I used the aws cloudguard performance also for sizing

0 Kudos
Marcos_Vieira
Contributor
‎2022-03-18 01:20 PM
In response to Oleg_Khomutinin

As of 2022, march, 18th:

https://www.checkpoint.com/cloudguard/cloud-network-security/iaas-private-cloud-security/

See the "Technical Specifications" section.

For Public Cloud (AWS and MS-Azure performance) see:

https://www.checkpoint.com/pt/cloudguard/cloud-network-security/iaas-public-cloud-security/

Regards,

0 Kudos
AlekseiShelepov
Advisor
‎2018-12-07 03:50 AM
In response to Pablo_Barriga

Worth mentioning here:

Performance improvement on kernel 3.10 based CloudGuard environments is ~300% comparing to current CloudGuard numbers

https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2018/12/06/r802...  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events