Re: Checkpoint FW-1 & ATM performance degradation

Wed, 20 Jun 2001 08:01:28 -0700 

I've used FW1 with a ForeRunner PCA200E NIC.
It was running at OC-3 155Mbps and a couple times I saw the traffic as high as 130Mbps.
The firewall was handling the traffic nicely, but the NIC drivers were reporting an 
increasing
number of "large buffer failures". Not sure if that means that FW1 was not handling 
the packets
quickly enough and the cells were getting dropped or what.

The firewall this was running on only had two Pentium II-450 processors...so it wasn't 
super fast to begin with. 


----- Original Message ----- 
From: "Pere Camps" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 19, 2001 12:13 PM
Subject: Checkpoint FW-1 & ATM performance degradation


> Hello,
> 
> I've been given a project were I have to firewall off an ATM network.
> Basically, it's just put Firewall-1 (with Solaris or Nokia) in all 
> the entry points of the enviorment.
> 
> I'm quite worried about the performance degradation that this will 
> put on the ATM PVC connection.
> 
> On one side, there's throughput. I've read that Checkpoint claims 
> that FW-1 can handle 240 Mbps on the correct machine. I very much 
> doubt it. The PVC that we're running is 155 Mbps, and I feel that 
> that would be too much, even if we're only going to use the firewall 
> as a "packet filter". Does anybody have any experience in this issue?
> 
> Also, delay issues. Does anybody know what delay on the packets will 
> the firewall put? I'm not in a position to fine tune the MTU and 
> window size of the machines involved, so that's not an option to 
> get around throughput issues related to the RTT.
> 
> Regarding the FW-1 choice, it's the companie's preferred firewall 
> solution. But if FW-1 is not able to handle the job, the company 
> is quite happy to go for another supplier.
> 
> Can anybody help? Thanks!
> 
> -- p.
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
> 

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls

Reply via email to