Our Nokia 650s with 320MB RAM in a VRRP configuration are
attached to a
DS3 (45MBps) circuit. It supports a
normal load of 23,000 connecitons with
a peak of more than 40,000. It is very rare that
processor utilization, using
uptime, exceeds .05 for the 1 minute increment and .01 for the
15-minute
average.
VRRP works without fail as does the state table
synchronization. Of
course, you do have to be careful with how much you want to
log. Log
Active and Log Account are pretty much useless due to the
enormous
amount of data each monitors. Never had a problem with
Logging
otherwise.
Finally, make sure the Nokia has at least 128MB RAM,
preferably 256MB,
because if you add anything to the box such as CVP, RealSecure
sensor,
Log Accounting, Log Active, or others, you'll find that 128MB
RAM just
isn't sufficient to perform the job.
David C. Diemer, CCSA Enterprise Security Firewall Engineer Georgia
Department of Administrative Services (DOAS) 200 Piedmont Ave. SE Suite
1420, West Tower Atlanta, GA 30334 [email protected](V) (F) >>> < [email protected]>
01/24/01 04:35PM >>> > We are currently using
Firewall-1 on a Sun Ultra 2 machine. We have about > 2000
workstations and servers behind it. During the peak period of the >
day, we have about 1000 to 1500 connection in the Firewall-1 's Active I
have a HP lpr, running Linux, FW-1 4.1 Our connection table almost always
exceeds 10,000 connection. It runs somewhere around 1% cpu utilization. It's
connected to four T-1s. I've run 14 T-1's into a Nokia 330 without any
performance problems. > Now, my question is if you think the Nokia
IP650 (or the IP440) would have > sufficient (CPU, memory, etc.) capacity
to replace the Sun Ultra 2 and > handle the current load?
Better? IP440 will do well. > Another question is if the
VRRP is only available for the Nokia setup, and > not for the Sun Ultra 2
machine? I guess my question is if the Checkpoint > VRRP solution
are built at the Firewall-1 software or at the hardware > (Nokia)
platform. VRRP is only on the Nokia platform. I recommend Rainwall on Sun
or
Linux. Frank ================================================================================
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html================================================================================
|