[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Checkpoint Platform
> I like Solaris, but the arguments I get are that the Alteon > is preforms better (applicance happy) because it is a hardware solution. The other > corner says that Linux costs are lower and it also runs > faster is faster than Solaris. It is true that throughput on a Linux machine or Alteon switch / firewall combo can be considerably higher than on a Solaris platform. Which raises the question: Where's your bottleneck? Do you have one currently? There are several areas of performance to consider. Without any claims to being exhaustive, here's a few: - MBit/s "raw" throughput on established TCP connections or UDP streams - Number of new connections per second (important for web server farms, for example) - Large-packet vs. small-packet throughput - Security server performance - http, smtp, CVP, UFP - you get the picture. This is a whole chapter in and of itself. - VPN throughput in MBit/s (can be dramatically enhanced by use of AES and Performance Pack aka SecureXL ; 3DES hardware accelerators) - VPN key exchange performance - number of VPN channels that can be handled at any one time (important for large-scale SecureClient/SecuRemote deployments) - Load-balancing capabilities (keywords ClusterXL vs. Nokia IP Clustering vs. Stonebeat FullCluster vs. Rainfinity ... etc) - ISP load-balancing capabilities on the box rather than through BGP (an interesting field, with, hmm, "emerging players" :)) If you have a performance issue, I would not write off Solaris out-of-hand. I'd evaluate the area(s) that performance is weak in, and compare the relative merits of new platforms vs. boosting Solaris performance, if boosting Solaris is possible for the area that you have a bottleneck in. In other words, evaluate what switching platforms might do for you as well as to you. Somebody give me a reality check ... isn't the firewall part of an Alteon solution based on SecurePlatform? If so, that means asking the same questions of the supplier(s) that you would ask for a RedHat Linux solution: What's the future roadmap now that RHL is dead or dying, and RHEL is the new king? Mind you, I'm not saying "this is not a feasible platform". It clearly is. Questions about the future still need to be asked, though. Regards Shawn Behrens Integralis/Activis Managed Security Services 111 Founders Plaza East Hartford, CT 06108Please note that: 1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information. 2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. 3. The contents of this email are those of the individual and do not necessarily represent the views of the company. 4. The company does not conclude contracts by email and all negotiations are subject to contract. 5. The company accepts no responsibility once an e-mail and any attachments is sent. http://www.integralis.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|