NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Checkpoint Platform



> I like Solaris, but the arguments I get are that the Alteon
> is preforms better (applicance happy) because it is a hardware solution.
The other
> corner says that Linux costs are lower and it also runs
> faster is faster than Solaris.

It is true that throughput on a Linux machine or Alteon switch / firewall
combo can be considerably higher than on a Solaris platform.
Which raises the question: Where's your bottleneck? Do you have one
currently? There are several areas of performance to consider. Without any
claims to being exhaustive, here's a few:

- MBit/s "raw" throughput on established TCP connections or UDP streams
- Number of new connections per second (important for web server farms, for
example)
- Large-packet vs. small-packet throughput
- Security server performance - http, smtp, CVP, UFP - you get the picture.
This is a whole chapter in and of itself.
- VPN throughput in MBit/s (can be dramatically enhanced by use of AES and
Performance Pack aka SecureXL ; 3DES hardware accelerators)
- VPN key exchange performance - number of VPN channels that can be handled
at any one time (important for large-scale SecureClient/SecuRemote
deployments)
- Load-balancing capabilities (keywords ClusterXL vs. Nokia IP Clustering
vs. Stonebeat FullCluster vs. Rainfinity ... etc)
- ISP load-balancing capabilities on the box rather than through BGP (an
interesting field, with, hmm, "emerging players" :))

If you have a performance issue, I would not write off Solaris out-of-hand.
I'd evaluate the area(s) that performance is weak in, and compare the
relative merits of new platforms vs. boosting Solaris performance, if
boosting Solaris is possible for the area that you have a bottleneck in. In
other words, evaluate what switching platforms might do for you as well as
to you.

Somebody give me a reality check ... isn't the firewall part of an Alteon
solution based on SecurePlatform? If so, that means asking the same
questions of the supplier(s) that you would ask for a RedHat Linux solution:
What's the future roadmap now that RHL is dead or dying, and RHEL is the new
king?
Mind you, I'm not saying "this is not a feasible platform". It clearly is.
Questions about the future still need to be asked, though.


Regards

Shawn Behrens
Integralis/Activis Managed Security Services
111 Founders Plaza
East Hartford, CT 06108Please note that:

1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices.
3. The contents of this email are those of the individual and do not necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations are subject to contract.
5. The company accepts no responsibility once an e-mail and any attachments is sent.

http://www.integralis.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.