Hi.

Your hardware will be wasted for a three-legged design. With Firewall-1 rev.4.1 all the packets are travelling through one CPU only. However, the SUN configuration guidelines might require additional CPUs for additional qfe cards. This won't change the fact that all your packets ... are travelling through one CPU.

You can optimize a little bit by using 66 MHz PCI buses for, let's say, Fast Ethernet and the 33 MHz PCI buses for 10 Mbit.

Everything will change in NG.

--Joerg

I am trying to find out what the FW-1 limitations are. Limitations I would be interested in would be how many sockets/flows/connections the state table can handle before the firewall is slow or dies. What is the amount of “hits” per second FW-1 can handle and make stateful decisions about before it is slow or fails? I know there will be some limitation by bandwidth, OS, and hardware, but let's say you are running on a SUN 4500 with 4 processors, 4 gigs of RAM, Solaris 2.7 with a three-legged design, thus giving you 100mb to ISP, DMZ, and internal LAN.

Does anyone have a good link or knowledge of this kind of information?