NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Why choose Nokia? Here's why.



- ----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Cc: "Scott Schindler" <[email protected]>;
<[email protected]>
Sent: Friday, September 22, 2000 2:53 PM
Subject: RE: [FW1] Why choose Nokia? Here's why.

<snip>
> However, he was somewhat misleading in his comparison of Stonebeat to
> Nokia's.
<snip>

Can you extrapolate on that?

> "Mark Decker" <[email protected]> on 09/22/2000 03:22:05 PM
> To:   "Scott Schindler" <[email protected]>
> cc:   [email protected] (bcc: Mark Boltz/Stone)
> Subject:  RE: [FW1] Why choose Nokia?  Here's why.

<snip>
> As an HA solution, VRRP is adequate for some
> purposes,
> but it can't do dynamic load balancing and does nothing to address
> scalability.
<snip>

So there *is* a single solution that provides both load-balancing and HA
without one affecting the performance of the other?

>From what I have experienced comparing a Cisco PIX to a Nokia/FW1 is like
talking about sending smoke signals instead of email(exaggerating for
effect--no flames please). The "transaction" of a security device is the
security it provides while the "revenue" of a security device is its logging.
If it takes extra effort to receive logging from a security device, one is
doing the job of their vendor. My feeling is that gathering and interpreting
syslogs is not a useful expense of my time--except where there are no other
options.

The Nokia w/VRRP has always appealed to me for the simple reason that if one
of those puppies goes down I can have another up and running in a very short
time without worrying over an OS--an advantage in a large enterprise with very
segmented duties. Of course, those using OS-based (tr. not appliance)
firewalls can always have one in the wings already hardened for the same
purpose. The new processor upgrades on the Nokia's have significantly
increased the performance ratings of the boxes, squelching that argument as
well. 

Here's a nice setup for an enterprise:

Inbound Only: (1) dedicated load-balancing device, (4) Nokia IP650
INET-->|LBD|-->|DUAL_NOKIAS w/VRRP|-->|DMZ|
       |   |-->|DUAL_NOKIAS w/VRRP|   |   |

Not perfect but one could scale this in many ways for inbound or outbound
traffic. 

=====
HolySmokeBatman [hsb]
[email protected]
        KaPoW!
=========================

__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.