Firewall Wizards mailing list archives
Re: Firewall Sizing?
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Mon, 30 Jun 2008 15:49:53 +0200
Hello, On Thu, Jun 26, 2008 at 06:58:48PM +0100, Paul Hutchings wrote:
In our case I suspect we're a bit of an oddity, as we have a fat internet pipe and a few hundred users, but not all have full internet access and there's very little in the way of concurrent access (I think the most concurrent sessions I've ever seen was around 3000 and that depends on the vendors idea of a session).
If you are specifically looking into Sidewinder^H^H^H^H^H^H^H^H^H^H Secure Firewall, then you need to take the license model into account. Every box below the 11xx limits the number of IP addresses on non-internet burbs. This is a hard limit, you cannot upgrade the license besides by buying a bigger box. They offer reasonable trade in deals, but because of a "performance guarantee" policy they refuse to put more load on a system then they designed it for. So in case of Secure Computing I would really ask the vendor. With us they have always been quite straight and never recommended the bigger box just because of the better deal for them.
What puts the most load on a modern firewall such as a Sidewinder, is it sheer throughput, is it keeping track of X sessions to/from Y clients and so on? I'd appreciate any thoughts/input on how you go about sizing/speccing these things if you don't have the budget to simply buy a the mid to top range unit.
Look up which unit is the smallest that satisfies your internal/DMZ IP address requirements. Then ask a sales engineer of Secure Computing for throughput figures of that particular box in various situations. Then use your thumb ;-) At least that's what we did. We use a pair of 210Ds to protect hosted Windows servers in our datacenter. Kind regards, Patrick M. Hausen -- punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe Tel. 0721 9109 0 * Fax 0721 9109 100 info () punkt de http://www.punkt.de Gf: Jürgen Egeling AG Mannheim 108285 _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewall Sizing? Darden, Patrick S. (Jul 02)
- Re: Firewall Sizing? Carson Gaspar (Jul 28)
- <Possible follow-ups>
- Re: Firewall Sizing? Marcin Antkiewicz (Jul 02)
- Re: Firewall Sizing? Patrick M. Hausen (Jul 02)