DON'T just have them browse right out!
Cache/Proxy chain a couple of times - this will massively reduce your
traffic, esp. if you also run a caching name server before your T1.
I'd also recommend some kinda content/virus checker in the chain and
the last 'hop' before the 'net being an application-level firewall
(this would also be running a caching name server, only serving requests
on i/f 127.0.0.1).
This is fine for at least up to 5k clients (with two 'chains', going
out of two 6 Meg lines, to two different ISPs at two geographic
locations - we can manually switch all traffic through either pipe).
Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Secure Technologies Ltd. Mob. 07971 589 201
mailto:dom_at_devitto.com Tel. 01202 738 767
http://www.devitto.com Fax. 08700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----Original Message-----
From: owner-firewall-wizards_at_lists.nfr.net
[mailto:owner-firewall-wizards_at_lists.nfr.net]On Behalf Of Walt Sullivan
Sent: Wednesday, December 29, 1999 11:19 PM
To: firewall-wizards_at_nfr.net
Subject: Sizing a firewall
I'm consulting for a Canadian government agency that plans to allow
desktop access to the Internet for the first time next year (yes, I
know, "Forward into the 70's", but it is government).
They think they have about 25,000 desktops (Windows 95/98, shudder).
How can I help them predict the amount of traffic they'll see on their
T1 connection?
Is there anybody out there running a firewall for 25K desktops that is
willing to share an order-of-magnitude guess?
Thanks,
Walt
--
Walt Sullivan
UNIX & Networks, Security & SysAdmin
walt_at_trytel.com
Received on Jan 02 2000