| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Max concurrent connection on a FW-1 cluster
- To: [email protected]
- Subject: Re: [FW-1] Max concurrent connection on a FW-1 cluster
- From: Kevin Martin <[email protected]>
- Date: Mon, 10 Jun 2002 10:10:21 -0500
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcIQkA3Mnk3yZyAqT4mJtnRJNQUR4gAATMrQ
- Thread-topic: [FW-1] Max concurrent connection on a FW-1 cluster
Theoretically, you should be able to push > 50000 connections across
these 2 firewalls as long as you increase the state table sizes so that
they don't fill up with each others additional state information (you
should probably increase the amount of memory allocated to FW1 as well).
However, what happens if one of the firewalls fail and all of that
traffic needs to move? It's my opinion that your cluster should have
enough horsepower to be able to remove or have a firewall fail and still
be able to handle the load. I would recommend that you add a 3rd
firewall to your cluster and load balance across these 3 with the
thought that 2 firewalls can handle the load of 3 if necessary (always
plan for an N+1 scenario so you don't get caught short when the
inevitable blow-up happens).
Thanks and Regards,
Kevin Martin <[email protected]>
TD Options, LLC Security Officer
230 S. LaSalle, 6th Floor Chicago, IL 60604
T:F:-----Original Message-----
From: Kenneth Ord [mailto:[email protected]]
Sent: Monday, June 10, 2002 9:24 AM
To: [email protected]
Subject: [FW-1] Max concurrent connection on a FW-1 cluster
Theoretically I have a single Checkpoint FW-1 box that can handle up to
50,000 concurrent connections, which isn't enough for my network. If I
have a second firewall and run it in a load balanced cluster with the
existing firewall and they both share state, can I increase the number
of concurrent connections I can handle? I assume that since they share
state, any connections on one firewall are entered in the state table of
the other, so am I limited to 50,000 connections across the entire
cluster or is this a performance issue on a single box allowing me to
increase the number up to, say, 100,000?
Thanks,
Ken
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
