Manualshelf

Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS
51525354555657585960
Chapter 7 Troubleshooting Security Servers and Content Security
How to Improve HTTP Security Server performance in a High Performance Environment
Advanced Technical Reference Guide 4.1 June 2000 54
HTTP Security server
In This Section
This section describes how to Improve VPN-1/FireWall-1 HTTP Security Server performance in a High
Performance Environment, and how to resolve and troubleshoot problems related to HTTP Security Servers
How to Improve HTTP Security Server performance in a High Performance Environment”, page 54
Resolving Common HTTP Security Server Problems ,” page 59
How to Improve HTTP Security Server performance in a High Performance EnvironmentTroubleshooting
Security Server Performance problems”, page 63
See Also:
VPN-1/FireWall-1 Performance Tuning Guide
http://www.checkpoint.com/techsupport/documentation/FW-1_VPN-1_performance.html
Suggests methods and techniques for improving various aspects VPN-1/FireWall-1 performance.
The document is organized according to the VPN-1/FireWall-1 OS platform and the nature of the
change (OS vs. VPN-1/FireWall-1 parameter tuning)
How to Improve HTTP Security Server performance in a High
Performance Environment
One of the most effective ways of improving the performance of VPN-1/FireWall-1 is to increase the
performance of the HTTP Security Server (httpss).
Using the httpss in a T-1 or less environment is fairly straight forward, whether doing content security, user
authentication, URL logging or a combination of all of the above.
However, in environments where there is significant bandwidth to the Internet (i.e. greater than T-1), and where
the number of concurrent users is large, (i.e. in the thousands) then the usage of httpss requires more
planning, and tuning in order to perform at acceptable levels.
The following outlines a real life case (names excluded) in which the httpss is specifically performance
tested with respect to the use of UFP and URL logging. The example includes hardware, software, tuning
parameters, and observations. Hopefully it will provide some guidelines to implementing the HTTP security
Server (httpss) in similar environments.
Environment
Internet connection: 10 Mbps Ethernet
Number of end users: 12,000
Hardware
Sun (TM) Enterprise 250 (2 X UltraSPARC-II 296MHz), Keyboard Present
OpenBoot 3.7, 512 MB memory installed,
AVAILABLE DISK SELECTIONS:
0. c0t0d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
/pci@1f,4000/scsi@3/sd@0,0