Hello everyone.  Here is the situation.  A client of mine plans on setting up 
some DMZs off either a PIX 515 or 525.  Servers will consist of SMTP relay, 
FTP, 2 to 4 web servers, 2 OWA servers, and 5 to 10 web app servers.  Inside 
(the internal LAN), there are about 10 servers, some database, which DMZ 
servers will need to access.  They currently have 2 T1s for external access 
to these DMZ based servers (no internally initiated web traffic), and do not 
plan to upgrade to more than 4 T1s anytime soon.  To the point, the client 
claims that the PIX will be unable to handle all the traffic from the front 
end and the access to the back end and that it will become a performance 
bottleneck with an extremely complicated, long rule set.  My experience and 
opinion tell me that the PIX will do just fine and could probably handle a 
hell of a lot more.  It is doing static NAT also but not any VPN stuff.  If 
anything, with about 6000 remote clients accessing certain servers throughout 
the day, the potential bottleneck will be the 2 T1s or the 2610 router in 
front of the PIX, not the PIX itself - but he won't believe me!  I have 
plenty of performance test results and have implemented multiple PIXs and 
some Check Point Firewalls.  Am I missing something?  How do I convince him?  
Since this may not be perceived as a certification issue, you should probably 
answer me directly and not clog up the list.  Thank you in advance...

David Raker CCDP, CCNP, MCSE, MCP + Internet

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html