Just been to a the Checkpoint Pacific Rim seminar in Sydney.
Checkpoint was rating the Nokie. Nokie have made changes to their ISOv3.3
which uses a thing call "FLOWS" which was available in CP2000- SP2.
IP520 performance was 270,000 pps 64 bytes UDP
It run up to 520Mps with 1500 bytes packets.
Solaris ultra was 17,000 pps
NT P111 800Mhz was 15,000 pps
Richard Taylor
-----Original Message-----
From: Hiemstra, Brenno [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 20, 2001 6:14 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: Checkpoint FW-1 & ATM performance
degradation
Maybe build a firewall cluster with Stonebeat and Firewall
-1 if you
run your systems on Solaris or NT (would not recommend NT
though).
You can scale your cluster to make a more load balanced /
load sharing
firewall solution then just one system firewall
I think, don't have proof to support my thoughts, that
Firewall 1 on a
nokia has a better throughput then on Solaris.
And if, after a thorough research, you don't think
Firewall-1 can do it,
I sure know Cisco PIX can do the job....
Regards,
Brenno
> -----Original Message-----
> From: Pere Camps [SMTP:[EMAIL PROTECTED]]
> Sent: dinsdag 19 juni 2001 18:14
> To: [EMAIL PROTECTED]
> Subject: Checkpoint FW-1 & ATM performance
degradation
>
> Hello,
>
> I've been given a project were I have to firewall off an
ATM network.
> Basically, it's just put Firewall-1 (with Solaris or
Nokia) in all
> the entry points of the enviorment.
>
> I'm quite worried about the performance degradation that
this will
> put on the ATM PVC connection.
>
> On one side, there's throughput. I've read that Checkpoint
claims
> that FW-1 can handle 240 Mbps on the correct machine. I
very much
> doubt it. The PVC that we're running is 155 Mbps, and I
feel that
> that would be too much, even if we're only going to use
the firewall
> as a "packet filter". Does anybody have any experience in
this issue?
>
> Also, delay issues. Does anybody know what delay on the
packets will
> the firewall put? I'm not in a position to fine tune the
MTU and
> window size of the machines involved, so that's not an
option to
> get around throughput issues related to the RTT.
>
> Regarding the FW-1 choice, it's the companie's preferred
firewall
> solution. But if FW-1 is not able to handle the job, the
company
> is quite happy to go for another supplier.
>
> Can anybody help? Thanks!
>
> -- p.
>
>
>
>
>
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
=====================================================================
WARNING -This e-mail, including any attachments, is for the
personal use of the recipient(s) only.
Republication and re-dissemination, including posting to news
groups or web pages, is strictly prohibited without the express
prior consent of
Thomson Legal & Regulatory Limited
ACN 64 058 914 668
=====================================================================
