Firewall Wizards mailing list archives

Re: Question on Cisco ASA's... do all the features slow it down?

From: Carson Gaspar <carson () taltos org>
Date: Mon, 10 Dec 2007 21:42:26 -0800

jacob c wrote:

1) Firewall performance figures from all vendors are highly overrated on 
the datasheets.


If you want to get a certain firewall company to complain to your senior 
management that you're being "mean" and try and get you fired, demand 64 
byte packet last-match performance numbers (as opposed to the 1500+ byte 
first match numbers they'll try and give you). Also be very careful to 
ask about behaviour when this limit is exceeded. It was very informative 
to see which vendors were packet rate limited and which were bit rate 
limited. The performance scaling with ruleset size was also interesting. 
Sadly I don't know of any vendors that publish this data openly. I do 
know that you can tell a good one by their reaction when you ask for it.

(And, no, I'm not making this up. But I'll refrain from naming names 
since they can afford to sue me out of existence.)

-- 
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Question on Cisco ASA's... do all the features slow it down? John G. (Dec 05)
- Re: Question on Cisco ASA's... do all the features slow it down? ChrisSerafin (Dec 06)
- Re: Question on Cisco ASA's... do all the features slow it down? Brett Cunningham (Dec 06)
  - Re: Question on Cisco ASA's... do all the features slow it down? jacob c (Dec 10)
    - Re: Question on Cisco ASA's... do all the features slow it down? Carson Gaspar (Dec 11)
    - Re: Question on Cisco ASA's... do all the features slow it down? John G. (Dec 11)
    - Re: Question on Cisco ASA's... do all the features slow it down? jacob c (Dec 12)
    - Re: Question on Cisco ASA's... do all the features slow it down? Carson Gaspar (Dec 13)