RE: query on firewall throughput.....

From: charles lindsay (frostbackeng@yahoo.com)
Date: 11/19/02

    Date: Tue, 19 Nov 2002 06:56:08 -0800 (PST)
    From: charles lindsay <frostbackeng@yahoo.com>
    To: saikrishna@softhome.net
    
    

    throughput: how many bits per second (actually bytes,
    and more practically, packets of a particular size)
    the firewall can process in a second, under specific
    laboratory conditions. Nominally, the faster the
    better, but it may be very traffic dependent; this
    isn't a router/switch you are testing: a firewall may
    need to look deeper in some packets than others, and
    apply extensive rules for some applications. Fast
    scanning of packets for viruses is expensive, and to
    do it really fast requires specialized hardware, which
    costs $$$.

    (1 Gbps = 1000 Mbps).

    The number of concurrent sessions is important in a
    firewall because the firewall has to store some state
    information about each TCP/UDP connection and each
    outstanding ICMP request. For example, if you are
    using Network Address Translation (NAT), it is
    important to maintain the same mapping of internal to
    external address (and TCP/UDP port) for the whole
    exchange. If you are scanning for virus signatures,
    you probably have to do some form of re-assembly
    (turning a series of packets into a stream). Session
    state takes memory, and large amounts of memory cost
    $$$$.

    Of course marketing numbers are different than the
    real world, and you probably want to select a firewall
    on the basis of what you need, not what the vendor
    wants to sell you.

    >> Hi all,
    >>
    >> I have seen and read some of the Firewall vendors say that their
    >> firewall throughput is put 380 mbps or 1Gbps with some 2,80,000
    >> concurrent sessions. What does it mean ? Please clarify me.
    >>
    >>
    >> Thanks in advance..
    >>
    >> Sai

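An added example, not part of the original message: a toy port-translating NAT session table in Python that shows the per-connection state described in the reply, the same mapping being kept for the whole exchange, and new connections being refused once the concurrent-session limit is reached. The class name, port pool, timeout and all addresses are constructed for illustration.

```python
from collections import deque

class NatSessionTable:
    """Toy port-translating NAT state table (constructed for illustration)."""
    def __init__(self, public_ip, max_sessions, idle_timeout=60.0):
        self.public_ip, self.max_sessions = public_ip, max_sessions
        self.idle_timeout = idle_timeout
        self.free_ports = deque(range(20000, 20000 + max_sessions))  # assumed pool
        self.out = {}   # inside 5-tuple -> [public_port, last_seen]
        self.back = {}  # (proto, public_port, remote_ip, remote_port) -> 5-tuple

    def expire(self, now):
        for flow, (port, seen) in list(self.out.items()):
            if now - seen > self.idle_timeout:  # idle: free its memory and port
                del self.out[flow], self.back[(flow[0], port, flow[3], flow[4])]
                self.free_ports.append(port)

    def outbound(self, flow, now):
        """flow = (proto, src_ip, src_port, dst_ip, dst_port); None if table full."""
        self.expire(now)
        entry = self.out.get(flow)
        if entry is None:
            if len(self.out) >= self.max_sessions:
                return None  # no room for more state: the new connection fails
            entry = self.out[flow] = [self.free_ports.popleft(), now]
            self.back[(flow[0], entry[0], flow[3], flow[4])] = flow
        entry[1] = now
        return (self.public_ip, entry[0])

    def inbound(self, proto, public_port, remote_ip, remote_port, now):
        """Map a reply back to the inside host; None if no session matches."""
        self.expire(now)
        flow = self.back.get((proto, public_port, remote_ip, remote_port))
        if flow is None:
            return None
        self.out[flow][1] = now
        return (flow[1], flow[2])

def demo():
    nat = NatSessionTable("203.0.113.1", max_sessions=2)
    a = ("tcp", "10.0.0.5", 40000, "198.51.100.7", 80)
    c = ("tcp", "10.0.0.7", 40001, "198.51.100.7", 80)
    first = nat.outbound(a, now=0)
    nat.outbound(("udp", "10.0.0.6", 5353, "198.51.100.9", 53), now=1)
    again = nat.outbound(a, now=30)   # same mapping for the whole exchange
    full = nat.outbound(c, now=31)    # table full, c is refused
    reply = nat.inbound("tcp", first[1], "198.51.100.7", 80, now=32)
    late = nat.outbound(c, now=70)    # the UDP session idled out, so c now fits
    return first, again, full, reply, late
```

A vendor's concurrent-session figure corresponds to `max_sessions` here: each entry costs memory, and once the table is full, new connections are refused until older sessions expire.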


