|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Using Nokia IP650 as Enterprise firewall??
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You cannot run RealSecure and FW-1 on the same box Daver. =) Two pigs won't fit in that box. Are you runnign IPS 3.3 yet? Carric Dooley Senior Consultant COM2:Interactive Media "But this one goes to eleven." - -- Nigel Tufnel On Thu, 25 Jan 2001, David C. Diemer wrote: > Our Nokia 650s with 320MB RAM in a VRRP configuration are attached to a > DS3 (45MBps) circuit. It supports a normal load of 23,000 connecitons with > a peak of more than 40,000. It is very rare that processor utilization, using > uptime, exceeds .05 for the 1 minute increment and .01 for the 15-minute > average. > > VRRP works without fail as does the state table synchronization. Of > course, you do have to be careful with how much you want to log. Log > Active and Log Account are pretty much useless due to the enormous > amount of data each monitors. Never had a problem with Logging > otherwise. > > Finally, make sure the Nokia has at least 128MB RAM, preferably 256MB, > because if you add anything to the box such as CVP, RealSecure sensor, > Log Accounting, Log Active, or others, you'll find that 128MB RAM just > isn't sufficient to perform the job. > > > David C. Diemer, CCSA > Enterprise Security Firewall Engineer > Georgia Department of Administrative Services (DOAS) > 200 Piedmont Ave. SE > Suite 1420, West Tower > Atlanta, GA 30334 > [email protected] > (V)> (F)> > >>> <[email protected]> 01/24/01 04:35PM >>> > > > > > We are currently using Firewall-1 on a Sun Ultra 2 machine. We have about > > 2000 workstations and servers behind it. During the peak period of the > > day, we have about 1000 to 1500 connection in the Firewall-1 's Active > > I have a HP lpr, running Linux, FW-1 4.1 Our connection table almost > always exceeds 10,000 connection. It runs somewhere around 1% cpu > utilization. It's connected to four T-1s. > > I've run 14 T-1's into a Nokia 330 without any performance problems. > > > > Now, my question is if you think the Nokia IP650 (or the IP440) would have > > sufficient (CPU, memory, etc.) capacity to replace the Sun Ultra 2 and > > handle the current load? Better? > > IP440 will do well. > > > > Another question is if the VRRP is only available for the Nokia setup, and > > not for the Sun Ultra 2 machine? I guess my question is if the Checkpoint > > VRRP solution are built at the Firewall-1 software or at the hardware > > (Nokia) platform. > > VRRP is only on the Nokia platform. I recommend Rainwall on Sun or Linux. > > Frank > > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1 Comment: Made with pgp4pine 1.75-6 iQA/AwUBOnBPgVUqWOkDpMZ2EQIwGwCg8b0E/YrKy+LAknMwI1p6RJdisCkAoNCK +5vstbZcl0GwvcpcA5lOMq4+ =st2R -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
