Firewall Wizards mailing list archives

Re: Firewall Sizing?

From: "Patrick M. Hausen" <hausen () punkt de>
Date: Mon, 30 Jun 2008 15:49:53 +0200

Hello,

On Thu, Jun 26, 2008 at 06:58:48PM +0100, Paul Hutchings wrote:

In our case I suspect we're a bit of an oddity, as we have a fat internet 
pipe and a few hundred users, but not all have full internet access and 
there's very little in the way of concurrent access (I think the most 
concurrent sessions I've ever seen was around 3000 and that depends on the 
vendors idea of a session).


If you are specifically looking into Sidewinder^H^H^H^H^H^H^H^H^H^H
Secure Firewall, then you need to take the license model into
account. Every box below the 11xx limits the number of IP addresses
on non-internet burbs. This is a hard limit, you cannot upgrade the
license besides by buying a bigger box. They offer reasonable trade
in deals, but because of a "performance guarantee" policy they
refuse to put more load on a system then they designed it for.

So in case of Secure Computing I would really ask the vendor. With
us they have always been quite straight and never recommended the
bigger box just because of the better deal for them.

What puts the most load on a modern firewall such as a Sidewinder, is it 
sheer throughput, is it keeping track of X sessions to/from Y clients and 
so on?

I'd appreciate any thoughts/input on how you go about sizing/speccing these 
things if you don't have the budget to simply buy a the mid to top range 
unit.


Look up which unit is the smallest that satisfies your internal/DMZ
IP address requirements. Then ask a sales engineer of Secure Computing
for throughput figures of that particular box in various situations.
Then use your thumb ;-)
At least that's what we did. We use a pair of 210Ds to protect hosted
Windows servers in our datacenter.

Kind regards,
Patrick M. Hausen
-- 
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info () punkt de       http://www.punkt.de
Gf: Jürgen Egeling      AG Mannheim 108285
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Firewall Sizing? Darden, Patrick S. (Jul 02)
- Re: Firewall Sizing? Carson Gaspar (Jul 28)
- <Possible follow-ups>
- Re: Firewall Sizing? Marcin Antkiewicz (Jul 02)
- Re: Firewall Sizing? Patrick M. Hausen (Jul 02)