Jason, I don't think bashing products is very productive. Every products has its advantages and disadvantages; that's why all of us have high-paying jobs. Otherwise, why would someone need to pay top dollar for people like us? I think this forum is a great place to discuss the pros and cons of security products other CP. I've learned a lot of everyone in this forum. Based on the information I've seen, I think FWSM is probably is right choice, unless the policy is not static. I've seen many times when someone just put on a blinder and go with FWSM for performance but they have a very complicate security policy. Worse, the policy is not very static. Doing so with FWSM is asking for trouble later down the road. just my 2c. cisco4ng
chkp tech <[EMAIL PROTECTED]> wrote: Normally, I try to stay away from bashing products other than Check Point on this list. Many times I have seen concerns (many times correct) about Check Point's support. I personally have installed Check Point, Crossbeam, Nokia, Nortel NSF, Juniper, etc. I've had to call Nortel support on a couple issues, and the support was less than helpful. If you have further questions, we should probably take this off list, and then I'll create a small distribution list. We can then discuss the finer points of how to get your objective accomplished. Jason On 9/19/06, Bhavin Gandhi wrote: > > Nortel NSF with about 6 directors can reach 100K connections per second. > Check their product brief at www.nortel.com for their claim on cps. > > Cheers..... > > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] Behalf Of Gary > Scott > Sent: Monday, September 18, 2006 8:09 PM > To: [email protected] > Subject: Re: [FW-1] Looking for High end through put suggestion > > > The high end Nokia IP 2250 can handle 87,000 connections per second. I > have not been able to get a connection per second from crossbeam or any > other Checkpoint appliance vendor (throughput and total number of concurrent > connections doe's not equal connections per second). If anyone comes across > these numbers I would love to see them. Thanks, GS > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 [mailto: > [EMAIL PROTECTED] On Behalf Of cisco4ng > Sent: Monday, September 18, 2006 5:51 AM > To: [email protected] > Subject: Re: [FW-1] Looking for High end through put suggestion > > 120k cps will require something like Cisco FWSM or Juniper Firewalls. > FWSM is a pain in the ass to manage but it depends on your requirements. > If the security policy is relatively "static", FWSM is the way to go. If > your > security policy is not "static", then go with Juniper Firewalls because > the > rulebase is much easier to manage than Checkpoint. Juniper also has > NetScreen Security Manager (NSM), that will make your life a little bit > easier. I've used the Juniper AS5200 and very impressed with it. > > For that amount of connections and throughput, I do not think CP will be > your solution. > > chkp tech wrote: Sergio is correct in that 120k > connections per second is quite a bit. If > you are 'forced' to deal with that much bandwidth, then I'd recommend the > Crossbeam X80. If there's a way to split the traffic, then you might be > able to get away with an X40 or high end machine (Sun, Dell, etc) > > Yes the Crossbeam hardware is expensive, but they're the only ones that > offer high end throughput consistently. > > Jason > > > On 9/17/06, Sergio Alvarez wrote: > > > > Check the hardware compatibility list in the Check Point web site, > > althought > > 120K connections (per second I guess you meant) is a lot, so even the > new > > Nokia IP560 or the Sun Fire X42, might be short for you. > > Maybe you can find a solution over something more of a carrier class, > > check > > also the Crossbeam site, they have very robust equipment. > > > > > > > > On 9/17/06, Tom Louis wrote: > > > > > > We are growing out of Nokia ability to handle the through put, I was > > > wondering if there was any sites that show some abilities to handle > > > atleast > > > 120,000 connections along with 10 Gig cards. > > > > > > The information contained in this electronic message and any attachments > to this message are intended for the exclusive use of the addressee(s) and > may contain proprietary, confidential or privileged information. If you are > not the intended recipient, you should not disseminate, distribute or copy > this e-mail. Please notify the sender immediately and destroy all copies of > this message and any attachments. > > WARNING: Computer viruses can be transmitted via email. The recipient > should check this email and any attachments for the presence of viruses. The > company accepts no liability for any damage caused by any virus transmitted > by this email. > > www.wipro.com > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- All-new Yahoo! Mail - Fire up a more powerful email and get things done faster. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
