Re: Sizing a firewall

[Rafael Teixeira <rpt () pobox com>]

Hi there.
Welcome to the brave new world....

The problem is that you must now what kind of traffic you will have.
http, https, ftp, real-audio, smtp, etc.
All of thsi protocols will have different needs.
Now, you might go to load-balancing stuff, proxying.
Think about security contents (things like web, ftp and mail sweepers).

I think you must take a deeper look at your network, mostly because ONE
firewall isn't going to solve the problem, and it might became a
"single-point-of-faillure", and this could be as good as bad.

Can you use servers for local caching and proxying ?
What kind of mail policies you will have ?
Will you use a DMZ ?
And what about ISP's service?

Think about this first, then you might start seeing the BIG problem you
are going to have.

Rafael


Walt Sullivan wrote:
> I'm consulting for a Canadian government agency that plans to allow
> desktop access to the Internet for the first time next year (yes, I
> know, "Forward into the 70's", but is is government).
>
> They think they have about 25,000 desktops (Windows 95/98, shudder).
>
> How can I help them predict the amount of traffic they'll see on their
> T1 connection?
>
> Is there anybody out there running a firewall for 25K desktops that is
> willing to share 
> Thanks,
>
> Walt
>
> --
> Walt Sullivan
> UNIX & Networks, Security & SysAdmin
> walt () trytel com

Attachment: rpt.vcf
Description: Card for Rafael Teixeira