First of all, the Pix515E is running on an Intel Celeron 433Mhz, not PII. I have customers that have no problem migrating from CheckPoint NG (FP2) over to Pix515 firewall (running version 6.2(2)). At the same time, I've seen customers having problems with the Pix firewalls that I have to migrate them over to CheckPoint NG FP2. I think it all depends on the applications that you are running on those webservers. I may be wrong but I the max. connections that the Pix 515E can handle is around 100,000. The value also depends on the amount of memory available on the Pix (128MB). My question to you is this: 1) Do you terminate any VPN connections to your Pix? If that the case, you should increase the memory to 128MB. The 515E has built-in VAC so you should be OK. As I've said before, it depends on the application running on the servers. It seems that Pix firewall handles short and bursty traffic better than CheckPoint where as CP has better "stateful" than Pix. What version of Pix OS were you running? Symon Thurlow wrote:Hi All,
I have a question regarding PIX perfromance. and wanted to see what the experienced PIX crowd here has seen before. I am migrating from two seperate Checkpoint 4.1 boxes running on PC's (PIII 733) to one failover 515e bundle. The 515e has a PII 433 cpu in it. The environment is an online trading shop, where there are 4 trading servers. I changed over on the weekend to the PIX solution, tested everything 3 times, and everything was fine. As soon as users hit the most popular server on MOnday morning (250 remote users through the web, connecting to some custom TCP ports) the response time turned to mud and I had to back out to the Checkpoint solution. Unfortunately, because this company loses so much money when the servers are not online, I had no time to gather any stats (memory usage, cpu usage etc). Does anyone know of the maximum number of xlates a 515e can handle? Any insights, web links etc greatly appreciated. Cheers, Symon Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53918&t=53898 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
