RE: HW firewall for LAN

["McGill, Lachlan" <mcgilll1 () anz com>]

> From Cisco Press:

PIX 506: SOHO, 10Mbps throughput, 400 simultaneous sessions, max 2 interfaces
PIX 515: Small/medium business, 120Mbps throughput, 125,000 simultaneous sessions, max 6 interfaces
PIX 520: Large enterprise business, 370Mbps throughput, 250,000 simultaneous sessions, max 6 interfaces
PIX 525: Enterprise/Service Provider, 120Mbps throughput, 280,000 simultaneous sessions, max 8 interfaces
PIX 535: Enterprise/Service Provider, 1Gbps throughput, 500,000 simultaneous sessions, max 10 interfaces

I would suggest that a 525 would probably best fit your needs.

-----Original Message-----
From: Dan Duplito [mailto:danduplito () techie com]
Sent: Tuesday, 2 December 2003 7:57 PM
To: security-basics () securityfocus com
Subject: HW firewall for LAN


hi, forgive me if this is a newbie query -- i'm relatively new to the security industry.

we're looking to getting a HW firewall between our LAN and internal servers, similar to the one we have for our DMZ.

i'm just wondering if a Cisco PIX (515 or 525) firewall is not overkill for a 3000+ user-base LAN/WAN network (i've 
read the specs from Cisco site but nothing was mentioned regarding user-base limit/capacity for each firewall). traffic 
will mostly constitute the usual Internet, mail, dns and telnet/ssh access to the servers. 

is there a rule-of-thumb for determining the appropriate firewall CPU speed and memory for a particular number of users?

TIA for the help and inputs,
dan

---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------