|
Our Nokia 650s with 320MB RAM in a VRRP configuration are
attached to a
DS3 (45MBps) circuit. It supports a
normal load of 23,000 connecitons with
a peak of more than 40,000. It is very rare that
processor utilization, using
uptime, exceeds .05 for the 1 minute increment and .01 for the
15-minute
average.
VRRP works without fail as does the state table
synchronization. Of
course, you do have to be careful with how much you want to
log. Log
Active and Log Account are pretty much useless due to the
enormous
amount of data each monitors. Never had a problem with
Logging
otherwise.
Finally, make sure the Nokia has at least 128MB RAM,
preferably 256MB,
because if you add anything to the box such as CVP, RealSecure
sensor,
Log Accounting, Log Active, or others, you'll find that 128MB
RAM just
isn't sufficient to perform the job.
David C. Diemer, CCSA
Enterprise Security Firewall Engineer Georgia Department of Administrative Services (DOAS) 200 Piedmont Ave. SE Suite 1420, West Tower Atlanta, GA 30334 [EMAIL PROTECTED] (V) 404.651.9677 (F) 404.656.0421 >>> <[EMAIL PROTECTED]> 01/24/01 04:35PM >>> > We are currently using Firewall-1 on a Sun Ultra 2 machine. We have about > 2000 workstations and servers behind it. During the peak period of the > day, we have about 1000 to 1500 connection in the Firewall-1 's Active I have a HP lpr, running Linux, FW-1 4.1 Our connection table almost always exceeds 10,000 connection. It runs somewhere around 1% cpu utilization. It's connected to four T-1s. I've run 14 T-1's into a Nokia 330 without any performance problems. > Now, my question is if you think the Nokia IP650 (or the IP440) would have > sufficient (CPU, memory, etc.) capacity to replace the Sun Ultra 2 and > handle the current load? Better? IP440 will do well. > Another question is if the VRRP is only available for the Nokia setup, and > not for the Sun Ultra 2 machine? I guess my question is if the Checkpoint > VRRP solution are built at the Firewall-1 software or at the hardware > (Nokia) platform. VRRP is only on the Nokia platform. I recommend Rainwall on Sun or Linux. Frank ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ |
- [FW1] Using Nokia IP650 as Enterprise firewall?? Raymond N
- Re: [FW1] Using Nokia IP650 as Enterprise firewall?? James_E_Clukey
- RE: [FW1] Using Nokia IP650 as Enterprise firewall?? Rick McMaster
- RE: [FW1] Using Nokia IP650 as Enterprise firewal... Raymond N
- RE: [FW1] Using Nokia IP650 as Enterprise fir... Carric Dooley
- Full Cluster - was RE: [FW1] Using Nokia ... Raymond N
- RE: Full Cluster - was RE: [FW1] Usi... Mark Decker
- RE: [FW1] Using Nokia IP650 as Enterprise firewall?? David C. Diemer
- RE: [FW1] Using Nokia IP650 as Enterprise firewal... navid atoofi
- Re: [FW1] Using Nokia IP650 as Enterprise firewal... Carric Dooley
