Re: [FW1] Using Nokia IP650 as Enterprise firewall??

[James_E_Clukey@FW1-NOSPAMrush.edu]

Raymond:

     The Nokia IP650 will definitely handle your load. The IP440 should also be
able to handle your load but am not as familiar with the specs on this machine
(as we use a pair of Nokia IP650s here). On each of our Nokia IP650s we have
256MB of memory and a PII processor (448MHz). The IP650s will definitely be able
to handle your load and then some.

     As far as VRRP is concerned.... VRRP was developed by Nokia and as far as I
know is only implemented on Nokia equipment. It could be possible that it will
work on other platforms but I do not currently know of any yet and I have never
heard of anyone implementing it on Sun equipment.

     As far as an HA environment in regards to Sun equipment is concerned I have
heard quite a few people use the Stonebeat Full Cluster product line. But as I
have never used this product I am not very familiar with it. Maybe someone from
this list could comment?

     As far as a CheckPoint HA setup, since v4.1 SP2? CheckPoint has
encorporated some HA functionality into there code but I have not taken a look
at it. Since we use VRRP here I have not really looked into this.

     Now, my opinion is rather biased but the Nokia platforms are a very solid
box. They are very easy to set up out of the box and are a very solid/stable
platform. Since you are familiar with Unix (being that your current machine is
an Ultra-2 running Solaris 2.x) the jump to a Nokia platform running IPSO (based
on FreeBSD) would be rather minor.

     We basically made the jump that you are thinking about now a couple of
years back and the jump was NOT as traumatic as we had originally anticipated.

     Let me know if you would like more input.







Raymond N <OutMail@iname.com> on 01/23/2001 02:32:00 PM
                                                              
                                                              
                                                              
  To:          fw-1-mailinglist@lists.us.checkpoint.com       
                                                              
  cc:          (bcc: James E Clukey/Rush/RSH)                 
                                                              
                                                              
                                                              
  Subject      [FW1] Using Nokia IP650 as Enterprise          
  :            firewall??                                     
                                                              







Hi there,

We are currently using Firewall-1 on a Sun Ultra 2 machine.  We have about
2000 workstations and servers behind it.  During the peak period of the
day, we have about 1000 to 1500 connection in the Firewall-1 's Active
session table.  We use both static NAT and hide NAT.  So far, the firewall
machine is doing well and we doesn't notice any load problem.

Now, my question is if you think the Nokia IP650 (or the IP440) would have
sufficient (CPU, memory, etc.) capacity to replace the Sun Ultra 2 and
handle the current load?  Better?

Another question is if the VRRP is only available for the Nokia setup, and
not for the Sun Ultra 2 machine?  I guess my question is if the Checkpoint
VRRP solution are built at the Firewall-1 software or at the hardware
(Nokia) platform.


Thanks in advance.

-raymond



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================