Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Firewall limitations

To: [email protected]
Subject: Re: [FW-1] Firewall limitations
From: "Holland, Stephen" <[email protected]>
Date: Wed, 14 Nov 2001 15:46:29 -0500
Comments: To: "Carl E. Mankinen" <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

So, if I equate 20 connections for 1 mb of bandwidth (I think that is a good
reference) then what I can figure on is 1244mbps * 20 =  24880 possible
connections per second that CP should be able to statefuly inspect and route
in your OC-12 active/active environment.  From this link CP says 1,000,000
concurrent connections, but I am trying to lay my finger on new connections
per second that CP 4.1 can handle.

-----Original Message-----
From: Carl E. Mankinen [mailto:[email protected]]
Sent: Tuesday, November 13, 2001 2:29 PM
To: [email protected]
Subject: RE: [FW-1] Firewall limitations

Practical experience tells me that unless you are doing a LOT of
VPN+Encryption, that 4500 is serious overkill for those 100Mb links. I
have installed 420's in HA configuration that handle active/active dual
OC-12 loads. (mostly traffic is non-vpn however.)

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]] On
> Behalf Of Prokopinskiy, Igor
> Sent: Tuesday, November 13, 2001 12:42 PM
> To: [email protected]
> Subject: Re: [FW-1] Firewall limitations
>
>
> Stephen,
>
> Your HW config sounds like a waste of resources for this
> case... Here is a
> good place to start digging for information and specs:
> http://www.checkpoint.com/products/security/vpn-1_firewall-1_p
erformance.htm
l

Igor Prokopinskiy

> -----Original Message-----
> From: Holland, Stephen [SMTP:[email protected]]
> Sent: Tuesday, November 13, 2001 11:11 AM
> To:   [email protected]
> Subject:      [FW-1] Firewall limitations
>
> I am trying to find out what FW-1 limitations.  Limitations I would be
> interested in would be how many socket/flows/connections can the state
> table handle before the firewall is slow or dies.  What is the amount
of
> "hits" per second can FW-1 can handle and make stateful decisions
about
> before it is slow or fails?  I know there will be some limitation by
> bandwidth, OS, and hardware, but lets say you are running on a SUN
4500
> with 4 processors, 4 gigs of ram, Solaris 2.7 with a three legged
design
> thus giving you 100mb to ISP, DMZ, and internal LAN.
>
> Does anyone have a good link or knowledge of this kind of information?

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Prev by Date: Re: [FW-1] VPN with DES AND 3DES
Next by Date: [FW-1] Multiple Policy Editors
Previous by thread: Re: [FW-1] Firewall limitations
Next by thread: Re: [FW-1] Firewall limitations
Index(es):
- Date
- Thread