Firewall Wizards mailing list archives
Re: Firewall performance
From: "Sean Costello" <xlate () home com>
Date: Sat, 26 Jun 1999 14:17:24 -0500
There have been a number of posts covering this topic pretty thoroughly but I just wanted to mention two items.... First: It's worth noting that using either address translation or the in.ahttpd as a proxy incure a significant performance hit. Meaning that not using either, in turn would leave more resources to other processes. Second: If you plan on making heavy use of the VPN technology in FW-1, I would suggest looking into the Luna VPN card from Crysalis. This would offload the encryption overhead by a significant margin. Note that when using this hardware (NT or Solaris) both side of the VPN must have the card, and you cannot off load SR traffic. Cheers, Sean Costello Network Engineer xlate () iname com Sandy Green wrote:
Thanks to all those who responded. But actaully that does not answer my query. There is a lab report on the checkpoint site about the solaris vs NT performance. fine.... but actaully there are other important factors like PCI bus speed of the computer as well, CPU speed ,memory. The point is that even if the CPU speed is a 500 MHZ pentium and memory is 10 MB , that does not help improve the performance. what the labs do is get a machine from DELL/COMPAQ latest model as shipped by them and perform the tests on them without tailoring the RAM or PCI speed. I have done some tests on a server with 500 MB of RAM ! and there was no significant improvement. I thought that this list would have expereinced such issues in their environments. But unluckily for me I have not got any response from any of the list members. But I would keep persisting.... thanks to all. and please do email me. sandy Date: Thu, 17 Jun 1999 17:58:46 -0700 (PDT) From: Sandy Green <sand232 () yahoo com> Subject: Security conference NETSEC 99 Dear list members, I needed to get some sort of feedback about the recently held Security conference NETSEC 99. All the lucky ones who atteneded this conference would have certainily benefited from it. But for some reason(s) I could not make it. I would greatly appreciate if some of you could share your experiences and learning with me. second. This is about the firewall performance. In my mind these would be the factors for the bastion host performance ( processing the number of packets and taking a decision ) CPU speed, PCI bus speed, Memory,..., and of course the WAN link connectivity speed... any more all thes factors have in turn a direct bearing on each other... just like security as strong as the weakesk link, similarly the processing speed (of the firewall) would be as fast as the slowest parameter( CPU speed, WAN/LAN connectivity speed, PCI bus speed...) Please let me know your views or could point me to resources on the web. Thanks sandy _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Current thread:
- RE: Firewall performance, (continued)
- RE: Firewall performance Marcus J. Ranum (Jun 23)
- RE: Firewall performance David LeBlanc (Jun 28)
- RE: Firewall performance Ryan Russell (Jun 24)
- RE: Firewall performance David C Niemi (Jun 28)
- Re: Firewall performance Darren Reed (Jun 29)
- Re: Firewall performance Mike Shaver (Jun 29)
- Re: Firewall performance Darren Reed (Jun 29)
- RE: Firewall performance David C Niemi (Jun 28)
- RE: Firewall performance Marcus J. Ranum (Jun 23)
- RE: Firewall performance David LeBlanc (Jun 28)