I am currently reviewing the firewalls that protect our corporate infrastructure. As part of this evaluation I am investigating the possibility of virtualising firewalls to take advantage of the various benefits that virtualisation has shown. To this end as part of our review process virtualised instances of Astaro Security Gateway 8 are to be reviewed.
We currently run VMware ESX 4.1 Enterprise across multiple Dell R810 servers in HA\DRS clusters across 2 very well connected PoPs . We are also planning to add a third ESX Cluster in a PoP for DR\Test-Development purposes.
We also plan on adding two server ESX 4.1 Standard clusters in 4 to 6 Branch offices.
The ESX servers have 12 gigabit network interfaces, with 4 vSwitches set up with 3 teamed network interfaces each, for the Service Console, Internal, External, and iSCSI. We are not using Jumbo frames on these systems.
Throughput performance is very high on our list of requirements, with each site connected at least at 1Gbps.
In my evaluations of virtualised instances of Astaro I have been unable to achieve throughput higher than 60Mbps.
Other virtual machines, Windows and Linux based, running on the same ESX clusters achieve near line speed of 1GBps throughput.
I have used both the ESX ovf template and performed fresh installs of Astaro 8.001 (32bit and 64bit). I use only the e1000 network interfaces when performing fresh installs.
The installation is very basic, with all outbound traffic allowed, and all AV, IPS services are turned off. CPU load on the Astaro VM is light, as is memory.
Any advice as to where I am going wrong with this evaluation, with the aim to improve network performance, would be greatly appreciated.
Kind Regards
George Coburn
This thread was automatically locked due to age.
