What wouldn't meet the needs with the 2400? It shows the following specs:
775Mb firewall inspection throughput 225,000 active connections 4000 new connections/sec. The site currently is using: 200Mb pipe (potential to grow to 300-500 in the next 3 years) 23,000 active connections 250 new connections/sec. All that is well within the 2400 specs. ? Or am I missing something.. ? The NSA wouldn't be used for all the extra security bundles, just firewalling. JR ________________________________ From: [email protected] [[email protected]] on behalf of Richard Stovall [[email protected]] Sent: Wednesday, November 13, 2013 1:36 PM To: [email protected] Subject: Re: [NTSysADM] Sonic Wall model/sizing Frankly, no, given your 200Mbps link (that may go up to 500)[1]. See the following for theoretical maximum throughput numbers. On Wed, Nov 13, 2013 at 2:28 PM, Jesse Rink <[email protected]<mailto:[email protected]>> wrote: Thanks for the tips. Right now I am leaning towards a NSA 250M or the NSA 2400. I checked the current firewall (Microsoft TMG) and it's showing 23,000 active connections. There wouldn't be a need for content filtering or anti-spam filtering, etc. as other services are used for that. Does either of those models sound in the right ballpark based on the information I provided earlier? ________________________________ From: [email protected]<mailto:[email protected]> [[email protected]<mailto:[email protected]>] on behalf of Richard Stovall [[email protected]<mailto:[email protected]>] Sent: Wednesday, November 13, 2013 1:00 PM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] Sonic Wall model/sizing I use them, but my environment is much smaller. We're stuck in the NSA 2XX range for cost reasons, but I wish I could jump up a notch or two for performance. I think the key is what features you'll be using and what throughput the firewall can manage when using them. IIRC, the big performance killers are Intrusion Prevention, Gateway Anti-Virus, Anti-Spyware and DPI-SSL. It also helps to have your zones planned out well (and the security services applied to each) when sizing because you can inadvertetnly have traffic scanned multiple times as it enters and exits various zones. Also, make sure you have enough physical ports to accommodate the number of zones you want. A fantastic reseller of SonicWall gear is sonicguard.com<http://sonicguard.com>. They will definitely help you size a solution without pushing you to something you don't need. Oh, and their prices are great. Ping me offline and I'll send you a direct e-mail contact. On Wed, Nov 13, 2013 at 1:43 PM, Jesse Rink <[email protected]<mailto:[email protected]>> wrote: Looking for real-world solution sizing for a Sonic Wall firewall. Site has about 1500-2500 devices/nodes and has a 200Mb internet pipe currently (which may increase up to 500Mb in the next 3 years). Rather than speak with Sonic Wall sales who will push me into some high-end device that is way beyond what I need, I'm looking to hear from anyone who uses Sonic Wall firewalls right now and what they might recommend for right-sizing. I don't need HA/failover on the firewall. Average 'active sessions' on our current firewall is about 1800, give or take... current firewall reports on average about 300 new connections/sec. I've worked with NSA 220s but not much else from Dell in my experience. JR
