Re: [FW1] Problem with Configuration

Tue, 14 Nov 2000 10:56:50 -0800 


.  The machine will need a seperate interface if you want performance to improve.
This is similar to leaving the hostid on all four interfaces of a quad card.  It
works but by giving each interface a seperate MAC address the performance improves
by 80%.  I believe this is because the processing is required to determine the path
that the packet should take and it is slowing things down.  I welcome comments on
this topic.

cameron.



N Chandrasekhar wrote:

> Hi All,
>
> We are in the process of Installing the Firewall-1 Module and are facing a
> couple of problems :-
>
> Background :
> OS : Solaris 2.6
> Checkpoint Ver 4.1
> 3 Ethernet Interfaces
>
> 3 zones are created (Internet, DMZ and the Intranet)
> The Internet Zone is directly connect to the Router's Ethernet
> Router has 2 Internet Links configured with 2 different ISP's
>
> The Interface on the DMZ of Checkpoint has 1 primary Address and an other
> virtual interface (These 2 IP Addresses are Public IP's and are provided by
> the ISP's)
>
> On the Router, we have defined Policy based routing which checks for the
> Source address of any packet coming in and the same will be forwarded to the
> respective serial ports.
>
> Problem :
>
> After this excercise was done, the performance of both the Internet links
> have gone down by 80%.
>
> Can we have 2 IP Address for a single Interface on Checkpoint. Practically
> it works.
>
> Also, when we split both the links and have single IP for each interface,
> then the performance of the link is fine.
>
> Please do give me your inputs as how I can go about with this.
>
> Thanks & Regards,
> Chandru
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to