Re: High Speed Firewalls

[Rogue Bolo <roguebolo () yahoo com>]

This response may or may not get to you as it may
"look like a product plug" In my experience the Nokia
IP650 is not capable of hitting 160mb throughput. It
maxes out at about 120mb, and that is only as a
firewall, not as a vpn termination point. Whoever is
quoting 160mb is not getting their information from
Nokia, but I am guessing making them up to look better
from a sales perspective. I have done extensive
testing on the Nokia products using both SmartBits and
Ganymede chariot products. There is no interface
available for the IP650 that does 160mb. Clustering a
pair (or more) of firewalls from any manufacturer is
probably the best way to increase aggregate
throughput.

--- Carric Dooley <carric () com2usa com> wrote:
> I have seen specs stating 160Mb throughput for a
> Nokia IP650... that would just barely cover an OC3. 
> This number may be inflated however.. we have
> Smartbit cards here but only for layer 2 testing
> (damn,damn!!).  Anyone done any independent testing?
>
>
> Carric Dooley
> Network Security Consultant
>
> "A little inaccuracy sometimes saves a ton of
> explanation. " 
> - H. H. Munro (Saki) (1870-1916) 
> ----- Original Message ----- 
> From: ddhumphr <david () bbn com>
> To: <firewall-wizards () nfr net>
> Sent: Thursday, March 02, 2000 8:28 AM
> Subject: Re: High Speed Firewalls
>
>
> > Hmmm.  Aside from the I/F nomenclature
> misunderstanding, I'd suggest you talk to a
> > Netscreen rep..  Their ASIC design looks
> interesting, their rules are very
> > reasonable, their admin. interface is very usable,
> and their large server is heavy
> > throughput.  And no, there is no reason that most
> people would think to use such a
> > high speed device.
> >
> > ...but then most people don't work at ISP's.  Nor
> do they operate part of the
> > national backbone.  So most people won't see the
> need for one of these.  That does
> > not, however mean it does not exist, believe me.
> >
> >
> > Ace
> >
> >
> > Robert Graham wrote:
> >
> > > I think their may be some confusion between
> "gigabit" and "gigabyte".
> > > Also, from your description, it sounds like you
> don't need a "firewall" but
> > > basic packet filtering. A Cisco router can
> handle gigabits/second and can carry
> > > out this basic level of filtering.
> > >
> > > A high-end commercial firewall is good when you
> have a huge series of security
> > > needs that you want centralized: dynamic
> filters, VPN, NAT, proxy, etc. It is
> > > an extremely poor solution if you need
> high-speed, basic static packet filters.
> > > Any commercial firewall is overkill for such
> simple needs; you'll like find
> > > what you need in a packet-filtering router.
> >
> > --
> > David Humphrey
> > Network Consultant
> > Professional Services
> >
> > GTE Technology Organization
> > 10 Fawcett St.
> > Cambridge, MA 02138
> > e-mail: david () bbn com
> > tel: 617 873 7548
> > Pager:  888 548 5834 (5485834 () skytel com)
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com