I'm looking for a recommendation on Dell hardware for a SPLAT solution. Talks regarding lack of support for RAID & various network cards is of concern....
Regards, Dannie -----Original Message----- From: Burton, Chris [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2003 2:14 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] [FW1] making the switch -nokia to servers- I run multiple clusters of Compaq/HP Redhat 7.2 NG FP3 and multiple clusters of Sun SPARC 4.1 firewalls and have had no problems with either. The performance of the Redhat is great depending on the hardware being used, the type of network card makes the biggest difference. Availability is equal, outside of the patches the servers and firewall software the servers have not had to be rebooted once; if they do need to be rebooted this is were your clusters come into play both HA and Load Sharing. If you are going to use SPLAT then you need to make sure that your NIC's and RAID controllers are supported (Last time I checked SPLAT only used the bcm5700 driver which I have had problems with on Compaq multi-proc machines) if not I would suggest just running a hardened version of Redhat 7.2 (i.e. Stripped to the bone and patched), running the systems in this fashion will give you more options as far as compiling required drivers since I have not seen a source release of the Checkpoint compiled kernel for SPLAT. I have run into issues were the Compaq gear (DL560G2,DL360G2/G3) will not support the stated amount of interface running under Redhat 7.2 2.4.9-31, I have been unable to find a workaround to this. I have tested both HA and Load Sharing but opted to go with a 3rd party product instead of ClusterXL which in my opinion is not very good under FP3. Chris Burton Network Engineer Walt Disney Internet Group: Network Services -----Original Message----- From: Security Guy [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2003 8:46 AM To: [EMAIL PROTECTED] Subject: [FW-1] [FW1] making the switch -nokia to servers- We are thinking of making the switch from Nokias [ip 440's] to running our firewall using secure platform on Intel hardware. In theory it sounds great, and of course the salesman made it sound like an easy transition. But I'm wondering if their are any hidden gotchas? We are a Compaq/HP shop so we would have dual DL 380s with a 2 Ghz or higher CPU / 40 gig hard drive and 1-2 Gig of ram. Such as: 1. Is secure remote as stable and robust as a comparable Nokia appliance? 2. Almost a repeat of 1, how about uptime? are they rock-solid? 3. Just how easy is the patching? i.e., updating to the latest feature pack? 4. NG question, is the VPN client or firewall support better than 4.1? 5. Any noticeable increase in overall throughput? 6. Any problems support multiple Nics? is there a limit on the number of interfaces? 7. Just how good is the built in IDS, does it compare at all to ISS ->Realsecure? 8. How does the web interface compare to "voyager 9. Is HA better, or worse than VRRP? I'm just a little leary moving away from the Nokias, they have been rock solid for us. We are working on 300 plus days of uptime. We've had one harddrive failure in 3 yrs but other than that they have been very good to us. To switch or not, that is the question. Thanks ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
