I work for an ISP and we are a big Cisco shop.  We
deploy PIX Firewall at our facility to protect our
company and customers.  About 3 months ago, we
deployed about 30 Cisco PIX 535 series that support
Gigabit Interface because our customers demand it.  We
run PIX IOS code 5.3 on the PIX firewall.  The problem
with the PIX is that even though Cisco claims that the
throughput is between 750 to 800 Mbps, the throughput
drops to 2Mbps (YES, 2Mbps on a Gigabit interface) if
the number of concurrent connections is more than
10,000 with an error tolerance of 0.1% (the industry
standard is 0.001%).  A lot of our customers are very
angry and threaten to terminate their contracts with
us.  We later found out that another independent lab
tested the Cisco PIX-535, see
http://www.nwfusion.com/columnists/2001/0709tolly.html
for details.  Cisco said that there is a bug in the
software version 5.3 (See BUG ID CSCdt86736) and
claimed that the bug is fixed in version 6.0; however,
you wouldn't be able to find this bug in Cisco bug
watcher.  We did some preliminary testing with version
6.0 and the result is the same (i.e. the bug is still
there).  

The point of the story is "ALWAYS TAKE CISCO
RECOMMENDATIONS AND CLAIMS WITH A GRAIN OF SALT."
Evaluate products carefully.  Always keep your options
open with other vendors such as Checkpoint, Lucent,
Netscreen, etc.  Our stupid management listened to the
Cisco rep and overrode Engineering's recommendation, and
now, as a company as a whole, we are paying a price.

Mike

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16436&t=16436
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
