300Mhz and 256MB ram I wouldn't expect much from it. Try turning on SecureXL
As per Nokia: Supported Platforms: You can run IPSO 4.1 and an application on the following Nokia IP security platforms: IP130,IP260, IP265, IP350, IP355, IP380, IP385, IP390 (disk-based and flash-based), IP530, IP560 (disk-based and flash-based), IP710, IP740, IP1220 (disk-based and flash-based), IP1260 (disk-based and flash-based), IP2250, IP2255. For better performance, Nokia recommends that you have at least 256 MB of memory in your platform. They should recommend 512MB Christian Chiaverini -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: Friday, September 08, 2006 4:58 PM To: [email protected] Subject: [FW-1] Nokia IP130 is a piece of junk to run NGx I installed NGx R60 with HFA_04 on a Nokia IP130 running IPSO 4.1 build 016. This enforcement module is being managed by a SPLAT SmartCenter. I have two VPN tunnels between the IP130 and two cisco devices, VPN concentrator and Pix firewall. The only traffics going through the tunnel is icmp. I have continous ping going through the tunnel for testing purposes. By the way, I have a very small policy with less than 4 rules including the vpn rules. The problem is that everytime I make changes to the policy and push it to the Nokia enforcement module, I keep getting errors telling me that resource is not available to accept the policy and it timing out. This happens about 70% of the time. Even when the policy is successfully installed, my ping is timing out for about 30 seconds before resuming. I check the cpu status on the nokia via "vmstat 1" and the cpu is maxing out at 100% utilization. WTF! Now if I am running the checkpoint on the Nokia as a standalone firewall, it gets worse. Everytime I have to push the policy, it takes about 10 minutes for the policy to get pushed and if I even have active vpn tunnels, even without traffics, the policy installed will fail. I look on Nokia site and it stated that ipso 4.1 is supported on IP130 platform. I think Nokia should be honest and informed end users that the performance will be very poor when you have vpn even with little or no traffics at all if one decide to run Checkpoint NGx on IP130 appliance. I tested the IP130 with ipso 3.7.1 and NG with AI R55w and the performance is about 20 times faster than NGx. My VPN tunnels still work during the policy push. I guess what I am trying to say here is that whatever Nokia SE or TAC is telling you, take it with a grain of salt. Just because it will work with NGx does not mean it will work well. cisco4ng --------------------------------- All-new Yahoo! Mail - Fire up a more powerful email and get things done faster. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.12.2/442 - Release Date: 9/8/2006 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
