Re: Proverbial appliance vs software based firewall

["Philip J. Koenig" <pjklist () ekahuna com>]

> Date: Wed, 16 Oct 2002 04:43:49 -0400 (EDT)
> From: Christopher Hicks <chicks () chicks net>
>
> On Tue, 15 Oct 2002, Ryan M. Ferris wrote:
>
> > Gigabit throughput is still best achieved by a switched bus architecture
> > and custom ASICS or other real-time micro-kernel OS. The shared bus
> > archictecture of even the fastest PCS and gigabit NICs will never be a
> > match for dedicated hardware in processing traffic.
>
> Bull.  I heard the same things about 10M and 100M.  PC's will catch up.


The classic argument seems to be that dedicated-ASIC-based
firewalls have at least a theoretical performance advantage.
Various people have been saying, for example, that Checkpoint's
days are numbered because stuff like Netscreen performs much
better.

Now Checkpoint has commissioned a test that purports to show
their product performs better than "dedicated hardware" from
Cisco and Netscreen.  I would like to have people's opinion
on this test, in part because my observation of Tolly Group
test reports is that they're one of these "guns for hire"
that never writes a bad review for someone who pays them for
one.

I just skimmed through it and one thing that stuck out in one
of the tests was that they were testing only UDP traffic, which
struck me a bit strange because that has to be a small part of
typical VPN traffic.

http://www.checkpoint.com/products/connect/tollyreport.html

 

--
Philip J. Koenig                                       pjklist () ekahuna com
Electric Kahuna Systems -- Computers & Communications for the New Millenium


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards