CheckPoint UTM-1 570 and Gigabit Internet



  • Hello,

    So I just had Comcast gigabit internet installed today, and wow is it truly fast. However, peak performance only if I direct connect my nic to the modem. If I do that, I get the intended speeds:


    880 - 920Mbps down, 40 - 42Mbps up

    However, when we tried connecting through my router, a CheckPoint UTM-1 570 firewall box with PFSense 2.3.3, these are the average speeds I get:


    230 - 340Mbps down, 40 - 42Mbps up

    What is going on here? On the official stats of this box it says it can do 2.5Gbps firewall throughput, but curiously, 300Mbps VPN throughput. I, however, and not using any sort of VPN.

    Here is the spec brochure, the UTM-1 570 specs are on page 18 of the document, or page 16 if looking at the page number printed on the page:
    http://www.inuit.se/gogn/Checkpoint/checkpoint_appliances_brochure.pdf

    Here is the main page of the router for reference as well:

    It is just the modem, the router, and a gigabit switch. To eliminate the switch being a possible bottleneck I connected my nic directly to the LAN interface port on the router but still same results. Is this just a hardware limitation or is there something I can tweak, because both LAN and WAN are gigabit ports and the specs say it can handle the speed, but PFSense is showing otherwise.

    So, what would be recommended I do next? Any help would be greatly appreciated.

    Thanks,

    Adam



  • Or am I just stupid and the processor that the box has is way under powered? It is just curious because the specs of the box clearly say it has gigabit WAN and LAN throughput capability.



  • That box if I'm googling correctly is using a single core Celeron M running at 600Mhz. My educated guess is that's not enough computing power to handle 1Gbps of sustained traffic even if it's just basic NAT/FW.

    Anybody feel free to correct me.



  • UTM-1 570
    Intel Celeron M 1.5 GHz
    1 GB RAM
    160 GB ATA HDD
    Firewall Throughput: 2.5 Gbps
    VPN Throughput: 300 Mbps
    IPS Troughput: 1.7 Gbps

    But according to your screenshot it looks more like UTM-1 270 specs
    UTM-1 270
    Intel Celeron M 600 MHz
    1 GB DDR2 RAM 400 MHz
    160 GB ATA HDD
    Firewall Throughput: 1.5 Gbps
    VPN Throughput: 120 Mbps
    IPS Troughput: 1.0 Gbps

    Even if its written in specs that it can do 'Throughput: 1.5 Gbps" I am not sure what does it mean without test specification. The CPU is very low end for gigabit anyway.