How do you go about sizing a firewall?
I ask both generally and specifically. Right now I need to replace
an existing ISA server, and top of the list is a Secure Computing
Sidewinder (those Palo Alto boxes look nice but they're just too much
$$$ to go beyond looking at the features on the website :-)).
Anyway, as with most vendors there's a number of models and a number
of specs that vary as you move up the range - throughput, max
sessions, recommended users etc.
In our case I suspect we're a bit of an oddity, as we have a fat
internet pipe and a few hundred users, but not all have full internet
access and there's very little in the way of concurrent access (I
think the most concurrent sessions I've ever seen was around 3000 and
that depends on the vendors idea of a session).
Because of this, with most vendors I'm thinking of our situation and
on paper 9/10 times the low end units appear suitable, the vendors
seem to simply hear "few hundred users" and "fat internet pipe" and
try and persuade me I need the higher end models.
What puts the most load on a modern firewall such as a Sidewinder, is
it sheer throughput, is it keeping track of X sessions to/from Y
clients and so on?
I'd appreciate any thoughts/input on how you go about sizing/speccing
these things if you don't have the budget to simply buy a the mid to
top range unit.
cheers,
Paul
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Jun 30 2008
Intro
