NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Authentication Load on VPN-1 AIX



Title: Authentication Load on VPN-1 AIX

I tried to send this to the fw1-wizards list, which I'm a member, but it failed twice so.....


We are running VPN-1 4.1 SP1 on AIX (read RS6000)  The AIX box is pretty hefty.  Even with a few VPN sessions and approximately 2200 users surfing the internet (using Hide NAT) the box barely breaks a sweat at no more than 5-10% utilization.

We're about to limit WWW access to only authorized users (about 750 users) and we want to use Client Authentication in Partially Automatic mode.  We intend to set the timeout at 8-12 hours (not decided yet) so at maximum we're looking at 750 auths a day (radius server).

When we use Partially Automatic mode, the firewall "caches" the userID so it only contacts the radius server once in an 8-12 hour period.  What kind of load on the system will this generate?  I'm not worried about disk space for logging because the logging should be the same, but I am worried about possibly filling an "authentication table" or something that will bog down performance.

It's my understanding that the RS6000 is a Dual 333Mhz with 512Meg of memory.  Can anybody offer any guesses or could you share performance stats?

Thanks,

Paul Mills
Data Security Analyst
CCSA, CCSE
//AMERICREDIT CORPORATION
[email protected]

#42:  It works the way the Wang did, what's the problem?



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.