Great article - check it out. Unfortunately, not too flattering for the 'ole app.

See current issue of Network Computing (if you are into paper) or visit the sites they reference for the online minded:

kennyw

-----Original Message-----
From: Rodrigo Borges [mailto:[email protected]]
Sent: Wednesday, November 14, 2001 5:58 AM
To: [email protected]
Subject: Re: [FW-1] Firewall limitations

Hi.

Your hardware will be wasted for a three-legged design. With Firewall-1 rev. 4.1 all the packets are travelling through one CPU only. However, the SUN configuration guidelines might require additional CPUs for additional qfe cards. This won't change the fact that all your packets ... are travelling through one CPU.

You can optimize a little bit by using 66MHz PCI buses for, let's say, Fast Ethernet and the 33MHz PCI buses for 10 Mbit.

Everything will change in NG.

--Joerg

I am trying to find out what the FW-1 limitations are.

Limitations I would be interested in would be how many socket/flows/connections the state table can handle before the firewall is slow or dies. What amount of “hits” per second can FW-1 handle and make stateful decisions about before it is slow or fails? I know there will be some limitation by bandwidth, OS, and hardware, but let's say you are running on a SUN 4500 with 4 processors, 4 gigs of RAM, Solaris 2.7 with a three-legged design, thus giving you 100mb to ISP, DMZ, and internal LAN.

Does anyone have a good link or knowledge of this kind of information?