Re: [fw-wiz] Intel vs. special purpose FW-1 servers

From: Carson Gaspar (carson_at_taltos.org)
Date: 07/21/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 21 Jul 2005 16:30:37 -0400
    
    

    --On Thursday, July 21, 2005 09:32:44 AM -0400 "Marcus J. Ranum"
    <mjr@ranum.com> wrote:

    > You should know what your peak loads through the link are going to
    > look like, and then you can start looking at which products claim they
    > operate at that level. If you're really concerned you can either use
    > one of two (equally effective) approaches to predict the performance
    > you'll see:
    > 1) test or research a credible performance test (not one done by a vendor
    > lab)
    > 2) use bob's algorithm - assume the product can actually handle 1/2
    > of what its manufacturer claims it can handle

    To add some real-life data to Marcus' common sense advice, be _very_
    careful about what packet rate you need. FW-1 vendors love to talk bps, but
    corner them on pps and their numbers are... less than stellar. And once you
    exceeded their max pps rate, they behaved _very_ badly. At least that was
    the case as of NG's release - it's possible things have improved in the
    interim.

    (Buy me a cosmo some time and I'll tell stories about dragging 64-byte
    packet performance numbers out of Checkpoint while they kicked, whined,
    screamed, and complained to my boss that I was being "unfair" for making
    them give the same performance data all the other vendors did. By the way -
    they came in dead last, on _any_ platform. Mmmmm.... slow _and_ insecure...)

    -- 
    Carson
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
