We're running Floodgate so the comparison probably isn't valid. When we specced it, the thought was that we could get by with 256 MB because our throughput (currently) is so low but I know how these things grow so I bumped it up to 1 GB so I wouldn't have to back for additional money and downtime later. We're now going to start using site-to-site VPNs to replace frame lines so the workload is going to go up due to encryption/decryption.
As you add in SmartDefense to block the peer-to-peer stuff proactively, the workload goes up. As you add in the new layer 7 stuff (the AI part), the workload has to go up. IPSO keeps getting bigger as well. With 3.6 FCS13 and 3.7build32 images only, I'm at 69% of the boot partiton utilization. I used to be able to keep three IPSO images on it.
I'd definitely bring it up to 512MB just to keep from having problems in the future.
Ray Pesek, CISSP
From: Alan Choyna <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [FW-1] Would NG FP3 with AI kill Nokia IP440 performance Date: Fri, 16 Jan 2004 00:11:30 -0600
Full T3, handling up to 17-20 meg of traffic at peak.
Does your IP530 use much of its RAM? Our IP440 rarely goes above 64meg. I do have some spare RAM to bump it from 256 to 512meg if l need to though.
At 11:00 PM 1/15/2004, Ray Pesek wrote:I don't know the specs on an IP440, but the IP530 is a 733 MHz box and I stuck 1 GB of RAM in it. It's running NG AI as well as remote access on pair of T-1's and it rarely goes over 10% CPU. What kind of lines is your box handling?
Ray Pesek, CISSP
From: Alan Choyna <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [FW-1] Would NG FP3 with AI kill Nokia IP440 performance Date: Thu, 15 Jan 2004 16:03:49 -0600
I'm in the process of upgrading our IP440 from IPSO 3.5FCS10 and checkpoint FW-1 4.1 SP6 to IPSO 3.7 and NG FP3 with AI, and have heard from a colleague that some vendors (Netscreen) have said that an IP440 cannot run NG with AI because the extra overhead would kill FW throughput performance.
Has anyone got any info on this? Can an IP440 handle NG with AI fine? If there is extra overhead, how much performance degradation could we expect?
Our IP440 currently seems to handle our traffic without issue, and l'm hoping that he was just fed BS in order to get a sale.
Thanks in advance.
Alan.
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Let the new MSN Premium Internet Software make the most of your high-speed experience. http://join.msn.com/?pgmarket=en-us&page=byoa/prem&ST=1
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
Alan C. Choyna Senior Consultant
Pathfinder Associates, LLC
<http://www.pathfinderassoc.com/>http://www.pathfinderassoc.com Internet Strategy Business Consultants <mailto:[EMAIL PROTECTED]>mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>.com
Business telephone (312) 372-1058. Mobile (773) 255-6662
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Get a FREE online virus check for your PC here, from McAfee. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
