Thông tin tài liệu
Performance Pack
Administration Guide
Version NGX R65
March 2007
TM
© 2003-2007 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying,
distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written
authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or
omissions. This publication and features described herein are subject to change without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer
Software clause at DFARS 252.227-7013 and FAR 52.227-19.
TRADEMARKS:
©2003-2007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point
Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement,
Cooperative Security Alliance, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1,
FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless
Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Policy Lifecycle Management,
Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer,
SecureUpdate, SecureXL, SecureXL Turbocard, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro,
SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal,
SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering,
TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-
1 Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web
Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router,
Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check
Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The
products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935, 6,873,988, and 6,850,943 and may be protected by
other U.S. Patents, foreign patents, or pending applications.
For third party notices, see: THIRD PARTY TRADEMARKS AND COPYRIGHTS.
Table of Contents 5
Contents
Preface Who Should Use This Guide 8
Summary of Contents 9
Related Documentation 10
More Information 13
Feedback 14
Chapter 1 Introduction to Performance Pack
Overview 16
Release Notes 17
Chapter 2 Getting Started
Performance Pack NGX System Requirements 20
Minimum System Requirements 20
Recommended System Options 21
Performance Pack Recommended Platform Configuration 22
Preparing the Performance Pack NGX Machine 23
BIOS Settings 23
Network Interface Cards location 23
Installation 23
Chapter 3 Command Line
fwaccel 26
cpconfig 27
sim 28
proc entries 29
Appendix 4 Performance Tuning and Measurement Hints
Performance Tuning 32
SYN Defender 32
Amount of Concurrent Connections and Hash Size 32
Implied Rules 33
HyperThreading 33
Connection Templates 34
Delayed Synchronization 35
Performance Measurement 37
TCP State and Benchmarking 37
Index 45
6
7
Preface
P
Preface
In This Chapter
Who Should Use This Guide page 8
Summary of Contents page 9
Related Documentation page 10
More Information page 13
Feedback page 14
Who Should Use This Guide
8
Who Should Use This Guide
This guide is intended for administrators responsible for maintaining network
security within an enterprise, including policy management and user support.
This guide assumes a basic understanding of
• System administration.
• The underlying operating system.
• Internet protocols (IP, TCP, UDP etc.).
Summary of Contents
Preface 9
Summary of Contents
This document describes how to install and configure Performance Pack.
Additionally, it shows you how to get the best possible performance using
Performance Pack
Chapter Description
Chapter 1, “Introduction to
Performance Pack”
Contains a general description of Performance
Pack.
Chapter 2, “Getting Started” Describes system requirements, recommended
platforms and how to prepare for the NGX
Machine.
Chapter 3, “Command Line” Contains explanations of the Performance Pack
commands.
Chapter 4, “Performance
Tuning and Measurement
Hints”
Describes Performance Pack Tuning and
Measurement.
Related Documentation
10
Related Documentation
The NGX R65 release includes the following documentation
TABLE P-1 VPN-1 Power documentation suite documentation
Title Description
Internet Security Product
Suite Getting Started
Guide
Contains an overview of NGX R65 and step by step
product installation and upgrade procedures. This
document also provides information about What’s
New, Licenses, Minimum hardware and software
requirements, etc.
Upgrade Guide Explains all available upgrade paths for Check Point
products from VPN-1/FireWall-1 NG forward. This
guide is specifically geared towards upgrading to
NGX R65.
SmartCenter
Administration Guide
Explains SmartCenter Management solutions. This
guide provides solutions for control over
configuring, managing, and monitoring security
deployments at the perimeter, inside the network, at
all user endpoints.
Firewall and
SmartDefense
Administration Guide
Describes how to control and secure network
access; establish network connectivity; use
SmartDefense to protect against network and
application level attacks; use Web Intelligence to
protect web servers and applications; the integrated
web security capabilities; use Content Vectoring
Protocol (CVP) applications for anti-virus protection,
and URL Filtering (UFP) applications for limiting
access to web sites; secure VoIP traffic.
Virtual Private Networks
Administration Guide
This guide describes the basic components of a
VPN and provides the background for the
technology that comprises the VPN infrastructure.
[...]... Release Notes for Performance Pack can be found at: http://www.checkpoint.com/support/technical/documents/index.html Chapter 1 Introduction to Performance Pack 17 Release Notes 18 Chapter Getting Started 2 In This Chapter Performance Pack NGX System Requirements page 20 Performance Pack Recommended Platform Configuration page 22 Preparing the Performance Pack NGX Machine page 23 19 Performance Pack NGX System... Chapter Introduction to Performance Pack In This Chapter Overview page 16 Release Notes page 17 15 Overview Overview Performance Pack is supported both for SecurePlatform and Solaris platforms Performance Pack is a software acceleration product installed as an add-on to VPN-1 Power Performance Pack significantly enhances and improves the performance of VPN-1 Power Performance Pack uses Check Point’s... the interfaces to which Performance Pack is attached statistics Displays general Performance Pack statistics Chapter 3 Command Line 29 proc entries 30 Chapter Performance Tuning and Measurement Hints 4 In This Appendix Performance Tuning page 32 Performance Measurement page 37 31 Performance Tuning Performance Tuning SYN Defender To obtain optimal TCP connection setup rate performance, verify that... 3650 • HP Proliant DL-380 G5 • Dell PowerEdge 1950 or PowerEdge 2950 Please refer to the latest Performance Pack release notes for additional information on hardware support, limitations and recommendations 22 Preparing the Performance Pack NGX Machine Preparing the Performance Pack NGX Machine For optimal performance, appropriate configuration settings are recommended for the following: • BIOS Settings... entries proc entries Performance Pack supports SecurePlatform proc entries These entries are used to display information about the Performance Pack The proc entries are read-only entries They cannot be configured The proc entries are located under /proc/ppk Usage cat /proc/ppk/[conf|ifs|statistics] Parameters Table 3-3 /proc Parameters Parameter Explanation conf Displays the Performance Pack Configuration... GigaSwift Bus Technology At least two 64bit/66Mhz PCI buses, ServerWorks or Intel E7500 Chipset Chapter 2 Getting Started 21 Performance Pack Recommended Platform Configuration Performance Pack Recommended Platform Configuration It is recommended you use Performance Pack on a platform configured with a Dual-Core Intel Xeon Processor 5160 (3.00 GHz, 333 MHz FSB, 2x2 MB L2 Cache), with 667 MHz RAM, or... page 20 Performance Pack Recommended Platform Configuration page 22 Preparing the Performance Pack NGX Machine page 23 19 Performance Pack NGX System Requirements Performance Pack NGX System Requirements Performance Pack accelerates the performance of VPN-1 Power on: • Hardware supported by SecurePlatform • Solaris 8, 9, or 10 for SPARC 64 Bit Following are the minimum recommended requirements: Minimum... Settings • If your BIOS supports CPU clock setting, make sure that the BIOS is set to the actual CPU speed • If you are running Performance Pack NGX R65 on a machine with Intel Xeon CPUs, consider setting the HyperThreading feature to “on” Using HyperThreading may improve performance for some scenarios Network Interface Cards location • If you are using a motherboard with multiple PCI or PCI-X buses,... sim utility controls various Performance Pack driver features and applies only for SecurePlatform Usage sim affinity [-a|-s|-l] Parameters Affinity is a general term for binding Network Interface Card (NIC) interrupts to processors By default, SecurePlatform does not set Affinity to the NIC interrupts, which means that each NIC is handled by all processors Optimal network performance is obtained when... run, this utility displays a screen with the configuration options The options that are displayed, depend on the installed configuration and product(s) You can use cpconfig to enable or disable Performance Pack Once you have selected an acceleration setting, the setting remains configured, until you choose to change it on another occasion In other words, the settings that you define will remain even . Machine page 23
Performance Pack NGX System Requirements
20
Performance Pack NGX System
Requirements
Performance Pack accelerates the performance of VPN-1. Chapter
Performance Pack NGX System Requirements page 20
Performance Pack Recommended Platform Configuration page 22
Preparing the Performance Pack NGX
Ngày đăng: 25/01/2014, 06:24
Xem thêm: Tài liệu Performance Pack docx, Tài liệu Performance Pack docx