Firewall Wizards mailing list archives
Re: High Speed Firewalls
From: Rogue Bolo <roguebolo () yahoo com>
Date: Mon, 6 Mar 2000 09:08:44 -0800 (PST)
This response may or may not get to you as it may "look like a product plug" In my experience the Nokia IP650 is not capable of hitting 160mb throughput. It maxes out at about 120mb, and that is only as a firewall, not as a vpn termination point. Whoever is quoting 160mb is not getting their information from Nokia, but I am guessing making them up to look better from a sales perspective. I have done extensive testing on the Nokia products using both SmartBits and Ganymede chariot products. There is no interface available for the IP650 that does 160mb. Clustering a pair (or more) of firewalls from any manufacturer is probably the best way to increase aggregate throughput. --- Carric Dooley <carric () com2usa com> wrote:
I have seen specs stating 160Mb throughput for a Nokia IP650... that would just barely cover an OC3. This number may be inflated however.. we have Smartbit cards here but only for layer 2 testing (damn,damn!!). Anyone done any independent testing? Carric Dooley Network Security Consultant "A little inaccuracy sometimes saves a ton of explanation. " - H. H. Munro (Saki) (1870-1916) ----- Original Message ----- From: ddhumphr <david () bbn com> To: <firewall-wizards () nfr net> Sent: Thursday, March 02, 2000 8:28 AM Subject: Re: High Speed FirewallsHmmm. Aside from the I/F nomenclaturemisunderstanding, I'd suggest you talk to aNetscreen rep.. Their ASIC design looksinteresting, their rules are veryreasonable, their admin. interface is very usable,and their large server is heavythroughput. And no, there is no reason that mostpeople would think to use such ahigh speed device. ...but then most people don't work at ISP's. Nordo they operate part of thenational backbone. So most people won't see theneed for one of these. That doesnot, however mean it does not exist, believe me. Ace Robert Graham wrote:I think their may be some confusion between"gigabit" and "gigabyte".Also, from your description, it sounds like youdon't need a "firewall" butbasic packet filtering. A Cisco router canhandle gigabits/second and can carryout this basic level of filtering. A high-end commercial firewall is good when youhave a huge series of securityneeds that you want centralized: dynamicfilters, VPN, NAT, proxy, etc. It isan extremely poor solution if you needhigh-speed, basic static packet filters.Any commercial firewall is overkill for suchsimple needs; you'll like findwhat you need in a packet-filtering router.-- David Humphrey Network Consultant Professional Services GTE Technology Organization 10 Fawcett St. Cambridge, MA 02138 e-mail: david () bbn com tel: 617 873 7548 Pager: 888 548 5834 (5485834 () skytel com)
__________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
Current thread:
- Re: RE: High Speed Firewalls, (continued)
- Re: RE: High Speed Firewalls Crispin Cowan (Mar 17)
- RE: RE: High Speed Firewalls David Newman (Mar 17)
- Re: RE: High Speed Firewalls Crispin Cowan (Mar 21)
- RE: RE: High Speed Firewalls David Newman (Mar 21)
- Re: RE: High Speed Firewalls Crispin Cowan (Mar 21)
- RE: RE: High Speed Firewalls David Newman (Mar 21)
- Re: RE: High Speed Firewalls Crispin Cowan (Mar 21)
- RE: RE: High Speed Firewalls David Newman (Mar 21)
- Re: RE: High Speed Firewalls Saravana Ram (Mar 23)
- Re: Re: High Speed Firewalls Dug Song (Mar 13)
- RE: RE: High Speed Firewalls David Newman (Mar 17)
- Re: RE: High Speed Firewalls Ryan Russell (Mar 21)
- RE: RE: High Speed Firewalls David Newman (Mar 21)
- Re: RE: High Speed Firewalls Crispin Cowan (Mar 21)
- RE: RE: High Speed Firewalls Ryan Russell (Mar 21)
- RE: RE: High Speed Firewalls David Newman (Mar 21)