NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Using Nokia IP650 as Enterprise firewall??



Our Nokia 650s with 320MB RAM in a VRRP configuration are attached to a
DS3 (45MBps) circuit.  It supports a normal load of 23,000 connecitons with
a peak of more than 40,000.  It is very rare that processor utilization, using
uptime, exceeds .05 for the 1 minute increment and .01 for the 15-minute
average.
 
VRRP works without fail as does the state table synchronization.  Of
course, you do have to be careful with how much you want to log.  Log
Active and Log Account are pretty much useless due to the enormous
amount of data each monitors.  Never had a problem with Logging
otherwise.
 
Finally, make sure the Nokia has at least 128MB RAM, preferably 256MB,
because if you add anything to the box such as CVP, RealSecure sensor,
Log Accounting, Log Active, or others, you'll find that 128MB RAM just
isn't sufficient to perform the job.
 
 
David C. Diemer, CCSA
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
200 Piedmont Ave. SE
Suite 1420, West Tower
Atlanta, GA  30334
[email protected]
(V)
(F)

>>> <[email protected]> 01/24/01 04:35PM >>>



> We are currently using Firewall-1 on a Sun Ultra 2 machine.  We have about
> 2000 workstations and servers behind it.  During the peak period of the
> day, we have about 1000 to 1500 connection in the Firewall-1 's Active

I have a HP lpr, running Linux, FW-1 4.1 Our connection table almost
always exceeds 10,000 connection. It runs somewhere around 1% cpu
utilization. It's connected to four T-1s.

I've run 14 T-1's into a Nokia 330 without any performance problems.


> Now, my question is if you think the Nokia IP650 (or the IP440) would have
> sufficient (CPU, memory, etc.) capacity to replace the Sun Ultra 2 and
> handle the current load?  Better?

IP440 will do well.


> Another question is if the VRRP is only available for the Nokia setup, and
> not for the Sun Ultra 2 machine?  I guess my question is if the Checkpoint
> VRRP solution are built at the Firewall-1 software or at the hardware
> (Nokia) platform.

VRRP is only on the Nokia platform. I recommend Rainwall on Sun or Linux.

Frank



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.