Re: Firewall performance

[Lance Spitzner <spitzner () dimension net>]

On Tue, 22 Jun 1999, Sandy Green wrote:

> I have done some tests on a server with 500 MB of RAM ! and there
> was no significant improvement. I thought that this list would have
> expereinced such issues in their environments. But unluckily for 
> me I have not got any response from any of the list members.

With FW1, normally RAM is not an issue.  FW1 is very non memory
intensive, as most of the standard filtering happens in kernel
space (/dev/fw0).  The only time you incurr a memory hit is
if you are using the security servers (ie 'proxy' servers) or
encryption.  Version 4.0 has improved the memory usage of the
security servers.  As for encryption, it really depends on what
type of encryption your are using.  

If you are looking to tweak an OS for FW1, you will want to
go with multimple CPUs (4.0 is multi-threaded, 3.0 is not).
Also, you will want to bump up your kernel memory for the
FireWall module, check out http://www.phoneboy.com/fw1 for
the gory details.  It really depends what you are going
to use the FW for, and what kind of bandwith/usage you 
will have going through it.

I'm not sure if I answered your question :(
If you would like more info, drop me an email.

Thanks.


Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
Internetworking & Security Engineer
Dimension Enterprises Inc