Our Nokia 650s with 320MB RAM in a VRRP configuration are
attached to a
DS3 (45MBps) circuit. It supports
a normal load of 23,000 connecitons with
a peak of more than 40,000. It is very rare that
processor utilization, using
uptime, exceeds .05 for the 1 minute increment and .01 for
the 15-minute
average.
VRRP works without fail as does the state table
synchronization. Of
course, you do have to be careful with how much you want to
log. Log
Active and Log Account are pretty much useless due to the
enormous
amount of data each monitors. Never had a problem with
Logging
otherwise.
Finally, make sure the Nokia has at least 128MB RAM,
preferably 256MB,
because if you add anything to the box such as CVP,
RealSecure sensor,
Log Accounting, Log Active, or others, you'll find that
128MB RAM just
isn't sufficient to perform the job.
David C. Diemer, CCSA
Enterprise Security Firewall Engineer
Georgia
Department of Administrative Services (DOAS)
200 Piedmont Ave. SE
Suite
1420, West Tower
Atlanta, GA 30334
[email protected](V)
(F)
>>> <
[email protected]>
01/24/01 04:35PM >>>
> We are currently using
Firewall-1 on a Sun Ultra 2 machine. We have about
> 2000
workstations and servers behind it. During the peak period of
the
> day, we have about 1000 to 1500 connection in the Firewall-1 's
Active
I have a HP lpr, running Linux, FW-1 4.1 Our connection table
almost
always exceeds 10,000 connection. It runs somewhere around 1%
cpu
utilization. It's connected to four T-1s.
I've run 14 T-1's into
a Nokia 330 without any performance problems.
> Now, my question
is if you think the Nokia IP650 (or the IP440) would have
> sufficient
(CPU, memory, etc.) capacity to replace the Sun Ultra 2 and
> handle the
current load? Better?
IP440 will do well.
> Another
question is if the VRRP is only available for the Nokia setup, and
> not
for the Sun Ultra 2 machine? I guess my question is if the
Checkpoint
> VRRP solution are built at the Firewall-1 software or at
the hardware
> (Nokia) platform.
VRRP is only on the Nokia
platform. I recommend Rainwall on Sun or
Linux.
Frank
================================================================================
To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html================================================================================