[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Authentication Load on VPN-1 AIX
Title: Authentication Load on VPN-1 AIX I tried to send this to the fw1-wizards list, which I'm a member, but it failed twice so..... We are running VPN-1 4.1 SP1 on AIX (read RS6000) The AIX box is pretty hefty. Even with a few VPN sessions and approximately 2200 users surfing the internet (using Hide NAT) the box barely breaks a sweat at no more than 5-10% utilization. We're about to limit WWW access to only authorized users (about 750 users) and we want to use Client Authentication in Partially Automatic mode. We intend to set the timeout at 8-12 hours (not decided yet) so at maximum we're looking at 750 auths a day (radius server). When we use Partially Automatic mode, the firewall "caches" the userID so it only contacts the radius server once in an 8-12 hour period. What kind of load on the system will this generate? I'm not worried about disk space for logging because the logging should be the same, but I am worried about possibly filling an "authentication table" or something that will bog down performance. It's my understanding that the RS6000 is a Dual 333Mhz with 512Meg of memory. Can anybody offer any guesses or could you share performance stats? Thanks, Paul Mills
#42: It works the way the Wang did, what's the problem?
|