Re: Sizing a firewall

["Carric Dooley" <carric () com2usa com>]

I will say this... a T1 will not even be close to enough.  You will get more
bitching and moaning with a T1 than if you just gave them all analog lines.
I can tell you that I have seen about 3000 users saturate a T1... not 100%
of the time, but it wasn't fun.  With 25K users, you had better start off
with at least a frac DS3 (even 10Mb will probably be cramped).  Really a
full DS3 is probably about right.  A decently spec'd firewally (FW-1 on a
Nokia IP 440 or 650) will be more than adequate and even give you some
growing room).

I have worked with government as well, so I know your pain.  E-mail me
directly if you would like more detailed input.


-----Original Message-----
From: Walt Sullivan <walt () trytel com>
To: firewall-wizards () nfr net <firewall-wizards () nfr net>
Date: Thursday, December 30, 1999 5:43 PM
Subject: Sizing a firewall


> I'm consulting for a Canadian government agency that plans to allow
> desktop access to the Internet for the first time next year (yes, I
> know, "Forward into the 70's", but is is government).
>
> They think they have about 25,000 desktops (Windows 95/98, shudder).
>
> How can I help them predict the amount of traffic they'll see on their
> T1 connection?
>
> Is there anybody out there running a firewall for 25K desktops that is
> willing to share an order-of-magnitude guess?
>
> Thanks,
>
> Walt
>
> --
> Walt Sullivan
> UNIX & Networks, Security & SysAdmin
> walt () trytel com