I have in the past run a relatively low end Sun box with CP FW-1 v4.0 with
250+ routes on it, with no performance degradation associated with the
number of routes, and no appreciable latency added by the firewall at all.
Regarding combining Class B's or Class C's into fewer routing statements:
Yes, absolutely, as long as you make sure that you aren't inadvertently
routing some traffic in a direction you don't want to.
For example:
External semi-trusted site with a Class C 150.150.150.0/24 has several
servers you connect to over a direct link, at IP addresses 150.150.150.20
and 150.150.150.30. You could route the entire Class C over the direct
link, but might not want to; the external network might have their own
firewall in place allowing you direct link access only to those two servers,
expecting you to route everything else across the Internet.
Also, use routed instead of gated.
Greg S.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 16, 2000 9:44 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [FW1] Large number of Static Routes on a Sun box
Importance: High
My reply to this would be: is there any way to reconcile some of the routes?
I.e., let's say that 10.1.0.0, 10.2.0.0, 10.3.0.0, etc. through 10.100.0.0 go
to the same switch.
Is there any way to supernet some class B's or C's to cover what you have in
place? This may be a good way to help.
My reply to Sun saying "It isn't a router". Well what the heck IS a
firewall?
I will tell you that I am currently supporting a customer with 150+ routes
on an NT box.
Your 450+ should NOT be trembling at the knees.
How many NICs you got in this puppy, and what speed?
Are you doing encryption/authentication?
Any SMTP proxy or cvp stuff you could offload?
Thomas Poole
-----Original Message-----
From: William J Husler [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 16, 2000 1:33 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Large number of Static Routes on a Sun box
We have a firewall (FW-1 v4) running on a Sun ES450 that connects numerous
subsidiary networks. As a result of the divergent networks involved (as well
as address translation in some cases), we have added a number of static
network routes (and static host routes) to the firewall. We are currently up
to almost 200 lines in the routing table. This firewall is experiencing
through-put problems (at least everyone is pointing fingers at it) and the
vendor (Sun) tech support has stated that it could be caused by this large
number of static routes. Has anyone else experienced this scenario or have
experience with a large routing table on a Sun box? One comment I
particularly did not like was "It's not a router you know". Just what do
they think a firewall does anyway?
Bill
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
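The two points raised in the thread (supernetting the 10.x Class B routes, and the risk that a wider route sends traffic in an unintended direction) can be checked before touching the routing table. The following is an added example, not code from any poster in the thread; the hop labels, the default route and the sample tables are constructed assumptions, and it handles IPv4 only.

```python
import ipaddress
from collections import defaultdict

def aggregate(routes):
    """Exact aggregation: merge prefixes per next hop without covering any new address."""
    by_hop = defaultdict(list)
    for prefix, hop in routes:
        by_hop[hop].append(ipaddress.ip_network(prefix))
    return {h: list(ipaddress.collapse_addresses(n)) for h, n in by_hop.items()}

def rerouted_by(candidate, hop, routes):
    """Return (current_hop, ranges) that would change direction if the wider
    `candidate` route to `hop` were added, using longest-prefix-match rules."""
    cand = ipaddress.ip_network(candidate)
    table = [(ipaddress.ip_network(p), h) for p, h in routes]
    # Traffic not matched by a more-specific route currently follows the
    # narrowest existing route that contains the candidate (e.g. the default).
    covering = [(n, h) for n, h in table if cand != n and cand.subnet_of(n)]
    current = max(covering, key=lambda nh: nh[0].prefixlen)[1] if covering else None
    if current == hop:
        return current, []
    pieces = [cand]
    for net, _ in table:
        if not net.subnet_of(cand):
            continue  # only routes inside the candidate keep winning
        kept = []
        for r in pieces:
            if r.subnet_of(net):
                continue  # this piece is already handled by a more-specific route
            kept.extend(r.address_exclude(net) if net.subnet_of(r) else [r])
        pieces = kept
    return current, sorted(ipaddress.collapse_addresses(pieces))

# Constructed sample tables; hop labels and the default route are assumptions.
PARTNER = [("150.150.150.20/32", "direct-link"), ("150.150.150.30/32", "direct-link"),
           ("0.0.0.0/0", "internet")]
CLASS_BS = [(f"10.{i}.0.0/16", "switch") for i in range(1, 101)]

if __name__ == "__main__":
    print(len(aggregate(CLASS_BS)["switch"]), "routes replace 100")
    hop, ranges = rerouted_by("150.150.150.0/24", "direct-link", PARTNER)
    print(sum(r.num_addresses for r in ranges), "addresses would leave", hop)
```

Exact aggregation never widens coverage, so it is safe by construction; any hand-picked supernet wider than that should be run through `rerouted_by` first and the reported ranges reviewed against the firewall policy.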