Re: [FW1] choice bw nt or linux, crypto cards???

I hate when Linux evangelists turn up on every mailing list. I know you
have a real inferiority complex to solve, but please let's not turn this
list into an O/S bashing contest when it is supposed to be used for
discussion about firewall-1.

Yes you could use NT, yes you could use BSDi, yes you could use Solaris,
yes you could use Linux, yes you could use the Nokia via IPSO/BSD
etc....or you could even use an "appliance" like the myriad of SOHO
"firewalls".

The simple answer to this entire debate is that when it comes to deciding
which platform to use, "it depends" on what the customer's requirements
are. No great debate is required to arrive at this point.

As far as crypto cards are concerned...I have seen the prices for the
cards that provide IPSEC and they seem high compared to some other
solutions I have seen. Has anyone tried the Intel i960 based "Intelligent"
server adapter which has coprocessor support and handles IPSEC without
loading the CPU? I think the drivers for this are only available under NT,
but I could be wrong. I have 3 of these in my server and they support ISL,
which is nice because you can trunk them to a Catalyst switch and provide
multiple DMZ legs via VLANs.

----- Original Message -----
From: Chris Trudeau <[email protected]>
To: Firewall Admin <[email protected]>; <[email protected]>
Sent: Tuesday, September 05, 2000 2:53 PM
Subject: Re: [FW1] choice bw nt or linux

>
> I agree the Nokia boxes kick serious rear-end AND offer much more from a
> feature set. The only point I wanted to make was that for its "freshman"
> season Linux is making some noise...
>
> Apple-to-Apple comparison is extremely valid, however if Linux supports
> SMP across the board and BSDI doesn't that would be a feature in my
> mind...and I do believe that is the only reason that Nokia doesn't
> support the config you mention below.
> Additionally the point about bang for the buck is applicable, a Nokia
> box is EXTREMELY expensive, and if an organization wanted a box like
> this ONLY for VPN connectivity, I'd gladly sell them a Linux solution
> with Crypto card possibly multiple processor over the Nokia.
>
> Things like this require an extensive evaluation of the customer's
> business needs. For example..consider the following:
>
> Customer "A" wants a border firewall to handle outbound traffic, 2
> PHYSICAL DMZ's and route sharing via BGP to their ISPs for 1 of the
> DMZ's, then I would definitely recommend the NOKIA, if for no other
> reason than its ability to handle and accept BGP protocol requirements.
> Its ability to provide a large number of interfaces and the inherent
> ability to be configured in a redundant pair help support that decision.
> This kind of need justifies the large dollars for this solution and
> NOTHING can handle this as well as the NOKIA platform.
>
> However, Customer "B" wants to run 200 concurrent VPN sessions for
> dial-up/telecommuters and possibly a development DMZ leveraging the same
> architecture...I would lean toward a hardened linux solution. It is
> considerably less expensive and even as a freshman could handle this
> type of functionality pretty well.
>
> So, in summary, I suppose I should have gathered additional information
> about the original question which was...
> comparing Linux to NT...
>
> What is the particular application, need, business requirements
> etc...I suppose I just jumped on the opportunity to say that Linux kicks
> NT's butt pretty much across the board when Checkpoint is involved...
>
> CT
>
>
> Firewall Admin wrote:
>
> > But if you compared apples to apples and had a Nokia box with dual Xeon
> > processors it would most likely kick Linux's butt. The performance
> > figures on CP's web site show the IP650 with SINGLE PIII 700 and 256MB
> > pushing 240Mbps.
> >
> > Just my two pence worth.
> >
> > ----- Original Message -----
> > From: "Chris Trudeau" <[email protected]>
> > To: "Brett Lymn" <[email protected]>
> > Cc: <[email protected]>
> > Sent: Tuesday, September 05, 2000 12:19 PM
> > Subject: Re: [FW1] choice bw nt or linux
> >
> > >
> > > As I was then...
> > >
> > > I did not actually SEE the results, although I would very much like
> > > to be involved in the benchmarking of the different solutions. I
> > > definitively HAVE seen postings and otherwise indicating that a
> > > comparable Solaris Solution (processor etc) was used in the test and
> > > was beaten by some crazy percentage...
> > >
> > > Nokia boxes were also tested in the same benchmark and were also
> > > beaten. I can easily go out and find a redundant power supply 19"
> > > rack mountable Intel based hardware solution for about $4500, install
> > > RH 6.X and Checkpoint on the box and it will beat an Existing Nokia
> > > platform in most tests...
> > >
> > > I agree that the Linux Stack has a way to go to be as efficient, but
> > > $4500 for a linux solution which does in fact SMOKE a $30,000 Nokia
> > > solution is a nice price point for a lot of people.
> > >
> > > The point I suppose I SHOULD have made is the "bang-for-the-buck"
> > > one. The linux solution far and away provides more bang for the buck
> > > than ANY of the other solutions.
> > >
> > > CT
> > >
> > > Brett Lymn wrote:
> > >
> > > > According to Chris Trudeau:
> > > > >
> > > > >and IMHO the reports I hear is that a tuned linux kernel running
> > > > >Checkpoint SMOKES the competition, including Nokia, and ANYTHING
> > > > >on NT...
> > > >
> > > > Uhhhh ``I doubt it'' the processor in the linux box used in the
> > > > testing may have been a lot faster than the processor in the Nokia
> > > > giving you an inflated figure.
> > > > The linux tcp/ip stack still has a way to go in terms of
> > > > performance, I am reasonably certain that it beats the NT
> > > > implementation but as for beating the BSD IP stack... I think not.
> > > >
> > > > >May be spoiled, but routing issues are normally easier to
> > > > >troubleshoot as is remote management of the OS and many other
> > > > >factors when one uses a linux or *nix based solution.
> > > > >
> > > >
> > > > secure, remote access is something the *nix solutions do do better
> > > > than NT.
> > > >
> > > > >And in this case it is supposedly so much faster too...
> > > > >
> > > >
> > > > I would crank up the salt mine on that one.
> > > >
> > > > --
> > > > ===============================================================================
> > > > Brett Lymn, Computer Systems Administrator, BAE SYSTEMS
> > > > ===============================================================================
> > > >
> > > ================================================================================
> > > To unsubscribe from this mailing list, please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > ================================================================================