Re: [FW-1] Firewall limitations



You will be hard pressed to find this type of information.
Also it depends on which FW version you are running.
4.1: The only limit I have seen is the 25k connection limit back in Nokia's
IPSO 3.1~, which for some reason had a max connection limit of 25k. This was fixed
in the subsequent release of IPSO, as well as a workaround to modify the max
connections and memory for the state table.
I never ran into connection limits with NT, course it probably cannot handle
that much in the first place, and I have never run a multi cpu Solaris box.

NG: Has been tested and was said to be able to handle over 1 million
connections in its connection table. Personally I have never seen this, but
with the new introduction of the ASIC FWs that Nortel and other vendors are
producing using the NG kernel, I would probably classify this as a safe bet.

Answering the rest of your question is very hardware specific and there is
no sliding scale or formula that will tell you how memory, CPUs and such
will affect your throughput.

Jon

Date:    Tue, 13 Nov 2001 12:10:49 -0500
From:    "Holland, Stephen" <[email protected]>
Subject: Firewall limitations

I am trying to find out the FW-1 limitations.  Limitations I would be
interested in would be how many sockets/flows/connections the state table can
handle before the firewall is slow or dies.  What amount of "hits"
per second can FW-1 handle and make stateful decisions about before it
is slow or fails?  I know there will be some limitation by bandwidth, OS,
and hardware, but let's say you are running on a SUN 4500 with 4 processors,
4 gigs of RAM, Solaris 2.7 with a three-legged design, thus giving you 100mb
to ISP, DMZ, and internal LAN.

Does anyone have a good link or knowledge of this kind of information?



Jon Vandiveer
[email protected]

"They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety."
- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
rm -rf /bin/laden
