We continue the series of articles on the solution of Check Point Maestro. We have already published three introductory articles:
- Check Point Maestro Hyperscale Network Security
- Typical Use Points for Check Point Maestro
- Typical Check Point Maestro deployment scenario
Now is the time to move on to stress testing. As part of the article, we will try to show how load balancing between nodes occurs, and also consider the process of adding new gateways to an existing scalable platform. For tests we will use the well-known traffic generator - TRex.
Scenario number 1. Load balancing between two nodes
We will begin our experience with the already created Security Group, which includes two 6500 gateways:
For a performance test, we will launch the already mentioned TRex. As can be seen from the screenshot below, the load on the CPU is distributed to two devices with an average CPU load of 50% :
Scenario number 2. Add a gateway to the Security Group
Adding a new gateway to the Security Group is quite simple, in fact it is Drag & Drop:
TRex still works with the same parameters. After adding the gateway, all necessary configurations will be performed automatically. Even politics is established by itself. The whole procedure takes 5-8 minutes. After adding, we see the changed gateway metrics:
As you can see, there are already 3 gateways and the average load on the CPU is already 35% .
Scenario N3. One node emergency shutdown
For the purity of the experiment, let's put out one node using the clusterXL_admin down command.
This will immediately affect the CPU load of two gateways already working in the cluster:
Instead of a conclusion
I am sure that many would like to test this technology. Especially for them we are going to hold a workshop with real equipment . The training will be in Moscow, November 19, BC Golden Gate. The seminar will be conducted by Check Point engineer on scalable platforms - Ilya Anokhin . Unfortunately, the number of places is very limited (due to the need for real equipment), so hurry up to register .
This is not the last seminar we are going to hold, so stay tuned ( Telegram , Facebook , VK , TS Solution Blog )!