Firewall Wizards mailing list archives
Re: Watchguard V60 capacity
From: "Jim McAtee" <jmcatee () mediaodyssey com>
Date: Thu, 24 Jul 2003 12:00:29 -0600
----- Original Message ----- From: "User Scarr" <scarr () ineocom com> To: "Tosk" <tosktosk () yahoo com> Cc: <firewall-wizards () honor icsalabs com> Sent: Thursday, July 24, 2003 8:50 AM Subject: Re: [fw-wiz] Watchguard V60 capacity
We're running VLANs locally behind the firewall on the switch, but the firewall has no control or knowledge of them. In my tickets with Watchguard we've talked a bit about capacity as well. I'm worried that even though I'm not spiking anywhere near 100Mbps, we might still be drowning the firewall in sessions (from the DNS servers maybe). We implemented the suggested change that Watchguard gave us (lowering the idle timeout to 60 seconds) and they're still performing about the same but the loss seems steady now at 1%. I generally feel that 0% packet loss is an acceptable amount, but that may be idealistic.
I seem to recall that the V60L & V60 have surprisingly little RAM (64MB, while the V80 has 256MB) so I could see how keeping state on a large number of connections for a busy web farm might swamp the box even when throughput in Mbps is low. I'm guessing that spec'd 100Mbps capacity has more to do with processing power and the ability to terminate some fat VLANs rather than being able to keep up with a busy hosting installation. If it's a memory issue, I wonder if terminating those VLANs on the V60 itself might not actually decrease the memory usage. Also, can you configure the firewall to port filter, but _not_ keep state on certain connections, designated by internal host adddress and IP protocol? Can you monitor CPU load and memory usage on the V60? If you're running into capacity issues, I would hope that the machine at least has the necessary tools to evaluate where the problem lies. It seems a little silly to just be taking educated guesses at what may fix the problem without some diagnostic data to start with. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Watchguard V60 capacity User Scarr (Jul 22)
- Re: Watchguard V60 capacity Tosk (Jul 23)
- Re: Watchguard V60 capacity User Scarr (Jul 24)
- Re: Watchguard V60 capacity Jim McAtee (Jul 25)
- Re: Watchguard V60 capacity User Scarr (Jul 24)
- Re: Watchguard V60 capacity Tosk (Jul 23)