Re: [FW-1] Firewall limitations



You should check RS8000 or RS6000 from rapidstream, which will have support for Checkpoint by the end of the year ... speed and much less cost.
 
www.rapidstream.com
 
 
António Cardoso
-----Original Message-----
From: Rodrigo Borges [mailto:[email protected]]
Sent: Wednesday, November 14, 2001 11:58 AM
To: [email protected]
Subject: Re: [FW-1] Firewall limitations

 
Hello,
 
It seems that in fact, FW1 will almost exclusively use one processor. But, you can have many other things at your machine that will use other processors.
Apparently you can even run your VPNs on another processor, as well as secure servers and stuff.
Don't forget that if one processor fails, you'll have another one available...
 
Maybe someone from Checkpoint and/or Sun could reply to this question, if this is no super intergalactic secret of course :))
 
Rodrigo 

 -----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, November 14, 2001 10:52 AM
To: [email protected]
Subject: [FW-1] AW: [FW-1] Firewall limitations

Hi.
 
Your hardware will be wasted for a three-legged design. With Firewall-1 rev. 4.1 all the packets are travelling through one CPU only. However, the SUN configuration guidelines might require additional CPUs for additional qfe cards. This won't change the fact that all your packets ... are travelling through one CPU.
 
You can optimize a little bit by using 66 MHz PCI buses for, let's say, Fast Ethernet and the 33 MHz PCI buses for 10 Mbit.
 
Everything will change in NG.
 
--Joerg
 
-----Original Message-----
From: Holland, Stephen [mailto:[email protected]]
Sent: Tuesday, November 13, 2001 18:11
To: [email protected]
Subject: [FW-1] Firewall limitations

I am trying to find out what FW-1's limitations are.  Limitations I would be interested in would be how many sockets/flows/connections the state table can handle before the firewall is slow or dies.  What is the amount of "hits" per second that FW-1 can handle and make stateful decisions about before it is slow or fails?  I know there will be some limitation by bandwidth, OS, and hardware, but let's say you are running on a SUN 4500 with 4 processors, 4 gigs of RAM, Solaris 2.7 with a three-legged design, thus giving you 100mb to ISP, DMZ, and internal LAN.

 

Does anyone have a good link or knowledge of this kind of information?



 