Firewall Wizards mailing list archives

Comments from Checkpoint on Nokia load balancing

From: "Schotsal, Roger" <roger.schotsal () intel com>
Date: Fri, 9 Mar 2001 08:54:10 -0800

Gents I am rolling out some Nokia Boxes -

Below are some comments I got back from Checkpoint on on recent strings in
the news group.  Thought they might be of interest.  I did not do any
editing to preserve the integrity.

A few comments below:


First, Nokia often lags in patch release. Often, you'll see a few weeks
between the time a patch/hot fix/service pack comes out for the Sun version
of FW-1 and the Nokia version.

It is true that currently Nokia service packs, patches etc are released a 
little bit after Sun and NT versions.  The goal is two weeks.  As of now, 
both Nokia and Check Point are dedicating more resources to gettting this 
process speeded up.


Second, Nokia is based on BSD. My understanding (could be wrong) is that
Checkpoint is asking all application vendors to now run the Linux version 
of
FW-1. This would mean that conceivably at some point Nokia will have to
switch from BSD to Linux. This *is* speculation on my part, but it seems
reasonable.

Check Point is not asking all appliance vendors to run on Linux.  The 
criteria used in selecting an OS for a "Secured by Check Point" appliance 
are performance and cost.  In many cases, Linux turns out to be the best in 
both areas

Third, Sun is much faster at DES encryption throughput than Nokia (however,
Nokia seems to win in raw packet passing speed.) Also, I don't believe the
add on cards for encryption acceleration support Nokia yet, but I'm not
certain on that...

According to the figures I've seen 
(http://www.checkpoint.com/products/vpn1/vpn1perfdata.html), Sun is only 
slightly faster on DES encryption.  The Chrysalis Accelerator card is 
currently available for Nokia and the release of the Broadcom card for 
Nokia is imminent.

Fourth, with dual Sun boxes, and a good fail over product like Stone Beat, 
I
believe you can do load balancing of traffic between both Sun boxes. As far
as I know, you can't do load balancing between two Nokia boxes yet.

Yes, this is true.  However, there are also other options such as load 
balancing switches etc.
http://www.checkpoint.com/opsec/performance.html#HA_Load_Balancing


Roger Schotsal
Internet Firewall Product Engineer
Intel Corporation
916 356-7922


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Comments from Checkpoint on Nokia load balancing Schotsal, Roger (Mar 10)
- <Possible follow-ups>
- RE: Comments from Checkpoint on Nokia load balancing Kalat, Andrew (ISS Atlanta) (Mar 11)