Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nokia firewall solution

From: Lart <lart () hacksec org>
Date: Thu, 25 Mar 1999 20:24:38 -0500


On Thu, 25 Mar 1999 12:04:07 Lee, Gary wrote:
: Does anyone have experience with the Nokia IP400 Series Integrated
: router/firewall? 

Lots of folks do, I'm sure..  Even me. :-)

: Currently, we are using an NT-based Checkpoint fw-1 and are considering
: installing a 1) 2nd "primary" NT-based fw-1 for inbound web services access,
: and 2) 3rd fw-1 to serve as a backup/failover firewall for our current
: primary fw-1, using software such as Stonebeat.   On the surface, it appears
: the Nokia (Unix BSD) router/firewall (which runs fw-1) could easily handle
: the additional web traffic, removing the need for an additional primary
: firewall, and could be configured with another Nokia box to provide load
: balancing as well as hardware-based failover.  In effect, we would be
: installing 2 Nokia router/firewall boxes in lieu of 3 NT-based firewalls
: plus some type of redundancy/failover software.

Your assessment is correct.  A pair of IP440's, or the new IP650's could
easily handle what those 3 NT boxes could manage.  I've installed a number 
of IP4x0's at a variety of customers, including one of the larger financial
houses in the World Trade Center, as well as protecting the mail and web 
servers of a certain professional sports league here in the US.  They both
were driving substantial amounts of traffic through their IP440's, without
trouble.  I've pushed a DS-3 (at about 60% utilization) accross a pair
without any trouble (probably would have been able to handle the full 45 
Mbps no problem).  In total, I've probably done about 30 - 40 of these
boxes, and for your traffic load, it sounds like a really nice fit.  Not
to mention the fact that you get to save $17k by NOT having to buy StoneBeat
(you can use VRRP, built into IPSO, the Nokia's OS).

I'm not in the firewall  market right now (burn factor, and a shitty 
employer - now former employer <g>), but I'd be happy to steer you 
to a good reseller of the Nokia stuff, if you don't already have one.
Email me privately about that..  Just like picking the right Check Point 
reseller is important, for support reasons, it's also important with
Nokia gear...

--lart
Previous By Date Next
Previous By Thread Next

Current thread: