[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Why choose Nokia? Here's why.
- ----- Original Message ----- From: <[email protected]> To: <[email protected]> Cc: "Scott Schindler" <[email protected]>; <[email protected]> Sent: Friday, September 22, 2000 2:53 PM Subject: RE: [FW1] Why choose Nokia? Here's why. <snip> > However, he was somewhat misleading in his comparison of Stonebeat to > Nokia's. <snip> Can you extrapolate on that? > "Mark Decker" <[email protected]> on 09/22/2000 03:22:05 PM > To: "Scott Schindler" <[email protected]> > cc: [email protected] (bcc: Mark Boltz/Stone) > Subject: RE: [FW1] Why choose Nokia? Here's why. <snip> > As an HA solution, VRRP is adequate for some > purposes, > but it can't do dynamic load balancing and does nothing to address > scalability. <snip> So there *is* a single solution that provides both load-balancing and HA without one affecting the performance of the other? >From what I have experienced comparing a Cisco PIX to a Nokia/FW1 is like talking about sending smoke signals instead of email(exaggerating for effect--no flames please). The "transaction" of a security device is the security it provides while the "revenue" of a security device is its logging. If it takes extra effort to receive logging from a security device, one is doing the job of their vendor. My feeling is that gathering and interpreting syslogs is not a useful expense of my time--except where there are no other options. The Nokia w/VRRP has always appealed to me for the simple reason that if one of those puppies goes down I can have another up and running in a very short time without worrying over an OS--an advantage in a large enterprise with very segmented duties. Of course, those using OS-based (tr. not appliance) firewalls can always have one in the wings already hardened for the same purpose. The new processor upgrades on the Nokia's have significantly increased the performance ratings of the boxes, squelching that argument as well. Here's a nice setup for an enterprise: Inbound Only: (1) dedicated load-balancing device, (4) Nokia IP650 INET-->|LBD|-->|DUAL_NOKIAS w/VRRP|-->|DMZ| | |-->|DUAL_NOKIAS w/VRRP| | | Not perfect but one could scale this in many ways for inbound or outbound traffic. ===== HolySmokeBatman [hsb] [email protected] KaPoW! ========================= __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|