Firewall Wizards mailing list archives

Re: WinNT and Firewall-1

From: "John Kozubik" <john_kozubik_dc () hotmail com>
Date: Thu, 21 Jan 1999 22:03:57 PST

I am preparing to install a Firewall-1 (v.4.0) box on Windows NT
(v.4.0SP3 + hotfixes).  The catch is that it will have 4 network
interfaces (2 full Ts and 2 ethernet).  My concern is that NT will


I can offer some limited advice.  I have run Windows NT installations 
with four NICs connected to plain old 100-base-t, and it seemed to keep 
up.  This was with a single pentium-pro 200 and 256 megs.  Now bear in 
mind that these NICs were _all_ passing 100 meg traffic, whereas 50% of 
the nics in your box will be poking along at 1.5 megs.  This 
significantly decreases the amount of work that has to be done by the 
nics themselves, but only slightly decreases the overhead per nic for 
the entire box.  The key in your situation which makes me think you will 
have no problems is the fact that you will have two processors.

Having two processors in windows nt is very significant, and because you 
have two I don't think things will slow down much at all.  We are 
spoiled these days with the speed of our processors, so when we see 333 
mhz it doesn't trip anything in our minds, but really, if you stop and 
think about it, you have a pretty fast machine there.

Some people may tell you that with four nics and two processers you may 
even want to circumvent the built-in processor affinity for the nics - I 
think NT will do a nice job on its own, but YMMV.  Setting a custom 
processor affinity is not a trivial task - so you may not even want to 
consider it, even if you think you might get some marginal benefit...in 
general NT does it pretty well.

Some general tips on boosting the performance if you are really worried 
- put your page file on a separate hard drive.  Make sure you use scsi, 
and watch your FW-1 rulesets - the more rules each packet has to be 
checked against, the slower things will go.  Of course, it would take 
some pretty big rulesets to really noticably slow things down.....

Email me at the address below if you have further NT networking / 
performance questions.

kozubik - John Kozubik - john_kozubik () hotmail com
PGP DSS: 0EB8 4D07 D4D5 0C28 63FE  AD87 520F 57BE 850B E4C4


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Current thread:

Re: WinNT and Firewall-1 John Kozubik (Jan 26)
- Re: WinNT and Firewall-1 David LeBlanc (Jan 27)
- <Possible follow-ups>
- Re: WinNT and Firewall-1 Michael Embree (Jan 27)
- Re: WinNT and Firewall-1 Neil Pike (Jan 28)
- Re: WinNT and Firewall-1 Neil Pike (Jan 29)