Do note that they've changed the way of testing. "Enterprise testing conditions" is what they use now. Unforunately, this one is way more sugar-coated than the old one. Take the numbers and divide it by three, and it should come up as more realistic.
4200 is one of the smallest appliances you could buy before and the 3600 is alot more powerful. I would recommend to use the appliance sizing tool (available for partners/check point) and see what check point recommends to you. But having said that 3600 has more power than the 4200 :)
Hi Magnus. Would like to know more on how one specs a firewall hardware for a DC/branch office. I see you focus more on the IPS throughput numbers. So how does that work when I want to spec a firewall and the DIA circuit for the DC/branch office? Let's say I want the firewall, IPS and the VPN blades and I am deciding between a 500Mbps and a 1Gbps internet link. A video on this would be awesome. I have also seen some instances when the VPN gateway is a totally separate appliance from the edge firewall as VPN decreases the firewall performance by 50%. Any thoughts on this as well?
Hi, Its on the todo list of videos actually :) Regarding VPN performance i do recommend to check out SK105119 supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105119 Tim also made some great points within checkmates community. community.checkpoint.com/t5/SecureKnowledge/Tip-of-the-Week-VPN-Performance-Best-Practices/ba-p/63941 There are also improvments regarding performance on VPN, such as multicore support was intruduced within R80.10, this is active by default and increasing the performance alot. So make sure to actaully have your gw updated. supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk118097 Regards, Magnus
Forgot to mention, one of the new things in R81 is also improvments on this. So Check Point is aware that its requested with more performance and this is driven alot by public cloud and integration between onprem/cloud and hybrid cloud enviroments. Acceleration Enhanced Multi-Queue distribution of IPsec VPN traffic. Remote Access VPN Significant performance improvements for Remote Access VPN clients in Visitor Mode. Support for strongSwan IPsec clients on different Linux distributions. supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk166715 /Magnus
What appliance boxes are you guys using?
15600, 5600, 3600,
3800 - which is the new name for the 3600T apparently
Do note that they've changed the way of testing.
"Enterprise testing conditions" is what they use now.
Unforunately, this one is way more sugar-coated than the old one.
Take the numbers and divide it by three, and it should come up as more realistic.
Thanks for the tip Henrik!
well informative lecture. Thankyou very much Magnus!
Thank you :)
Thanks Mag !
Your welcome :)
So Nice 💘💘💘💘💘💘
Do you have any videos on unboxing/installing appliance?
Check Point them self have made a few :)
th-cam.com/video/QET6FTFhoGY/w-d-xo.html
I am about to replace my pair CP gateway 4200 series do you think a pair 3600 will do for me and it can set up running CLusterXL? Thank
4200 is one of the smallest appliances you could buy before and the 3600 is alot more powerful.
I would recommend to use the appliance sizing tool (available for partners/check point) and see what check point recommends to you. But having said that 3600 has more power than the 4200 :)
Thanks for the great video
thank you :)
Thanks. Wegen do you continue the topic VSX with MDS
My plan is to record a video or two during the weekend, i have not yet decided what to make for video yet.
hello sir thanks for the video, could you help me setup my checkpoint.
Check out the CCSA playlist and you will be able to setup a basic check point environment :)
Hi Magnus. Would like to know more on how one specs a firewall hardware for a DC/branch office. I see you focus more on the IPS throughput numbers. So how does that work when I want to spec a firewall and the DIA circuit for the DC/branch office? Let's say I want the firewall, IPS and the VPN blades and I am deciding between a 500Mbps and a 1Gbps internet link. A video on this would be awesome. I have also seen some instances when the VPN gateway is a totally separate appliance from the edge firewall as VPN decreases the firewall performance by 50%. Any thoughts on this as well?
Hi, Its on the todo list of videos actually :)
Regarding VPN performance i do recommend to check out SK105119
supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105119
Tim also made some great points within checkmates community.
community.checkpoint.com/t5/SecureKnowledge/Tip-of-the-Week-VPN-Performance-Best-Practices/ba-p/63941
There are also improvments regarding performance on VPN, such as multicore support was intruduced within R80.10, this is active by default and increasing the performance alot.
So make sure to actaully have your gw updated.
supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk118097
Regards,
Magnus
Forgot to mention, one of the new things in R81 is also improvments on this. So Check Point is aware that its requested with more performance and this is driven alot by public cloud and integration between onprem/cloud and hybrid cloud enviroments.
Acceleration
Enhanced Multi-Queue distribution of IPsec VPN traffic.
Remote Access VPN
Significant performance improvements for Remote Access VPN clients in Visitor Mode.
Support for strongSwan IPsec clients on different Linux distributions.
supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk166715
/Magnus
@@MagnusHolmberg-NetSec - Thanks
@@afbraganza what sort of boxes are you using today?
@@MagnusHolmberg-NetSec At the DC, its 12600 and at branches its 4400/5200. Upgrade discussions going on with our Checkpoint accounts manager.
I will get a pair of 6700 in a couple of weeks
nice :)