Re: Firewall performance

["Sean Costello" <xlate () home com>]

There have been a number of posts covering this topic pretty thoroughly but
I just wanted to mention two items....

First: It's worth noting that using either address translation or the
in.ahttpd as a proxy incure a significant performance hit.  Meaning that not
using either, in turn would leave more resources to other processes.

Second:  If you plan on making heavy use of the VPN technology in FW-1, I
would suggest looking into the Luna VPN card from Crysalis.  This would
offload the encryption overhead by a significant margin.  Note that when
using this hardware (NT or Solaris) both side of the VPN must have the card,
and you cannot off load SR traffic.

Cheers,

Sean Costello
Network Engineer
xlate () iname com



Sandy Green wrote:

> Thanks to all those who responded. But actaully
> that does not answer my query.
> There is a lab report on the checkpoint site about the
> solaris vs NT performance.
> fine.... but actaully there are other important factors
> like PCI bus speed of the computer as well, CPU
> speed ,memory.
> The point is that even if the CPU speed is a 500 MHZ pentium and
> memory is 10 MB , that does not help improve the performance.
> what the labs do is get a machine from DELL/COMPAQ latest model as
> shipped by them and perform the tests on them without tailoring the
> RAM or PCI speed.
> I have done some tests on a server with 500 MB of RAM ! and there
> was no significant improvement. I thought that this list would have
> expereinced such issues in their environments. But unluckily for
> me I have not got any response from any of the list members.
> But I would keep persisting....
>
> thanks to all. and please do email me.
> sandy
>
> Date: Thu, 17 Jun 1999 17:58:46 -0700 (PDT)
> From: Sandy Green <sand232 () yahoo com>
> Subject: Security conference NETSEC 99
>
> Dear list members,
>
> I needed to get some sort of feedback about the
> recently held Security conference NETSEC 99.
> All the lucky ones who atteneded this conference
> would have certainily benefited from it. But for some
> reason(s) I could not make it. I would greatly appreciate
> if some of you could share your experiences and
> learning with me.
>
> second. This is about the firewall performance.
> In my mind these would be the factors for the
> bastion host performance ( processing the number
> of packets and taking a decision )
> CPU speed, PCI bus speed, Memory,..., and of
> course the WAN link connectivity speed... any more
>
> all thes factors have in turn a direct bearing on each
> other... just like security as strong as the weakesk
> link, similarly the processing speed (of the firewall)
> would be as fast as the slowest parameter( CPU
> speed, WAN/LAN connectivity speed, PCI bus speed...)
> Please let me know your views or could point me to
> resources on the web.
>
> Thanks
> sandy
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com