Security Basics mailing list archives

RE: HW firewall for LAN


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Tue, 2 Dec 2003 10:20:24 -0800


        Well, you won't likely find a (this is for x users) on 'larger'
firewalls. On smaller SOHO firewalls (SonicWall TELE3 series, Netopia
R910, etc) you can have an enforced limit via licensing or use. On
larger firewalls you will most likely hear about throughput, whether
that's Pps or Bps depends on the vendor. 

        The PIX series is more cumbersome than their other IOS
platforms. The PIX uses a 'Secure IOS' and is much like using an old
UNIX server to a new Linux box (csh vs. BASH). The PIX is more of a
handful than its counterparts (SonicWall, WatchGuard and CheckPoint),
but IMHO I believe it's better. For ease of use and feature set there is
no beating a SonicWall; their web administration is a piece of cake to
use and with value-add services like Web Filtering and Virus Scanning.
I've used a PIX 515 at a 1500 node site without any problems. I've used
WatchGuard and SonicWalls at sub 1000 node sites and more recently set up
a CheckPoint (IP330) at a 2000+ node site. 

        I'd give Cisco pre-sales a ring @ 1-800-553-6387. I've used them
many times when I did outsourcing work and the vast majority of the time
they can size up what you need with little BS. 

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
 
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: Dan Duplito [mailto:danduplito () techie com] 
Sent: Tuesday, December 02, 2003 12:57 AM
To: security-basics () securityfocus com
Subject: HW firewall for LAN

hi, forgive me if this is a newbie query -- i'm relatively new to the
security industry.

we're looking to getting a HW firewall between our LAN and internal
servers, similar to the one we have for our DMZ.

i'm just wondering if a Cisco PIX (515 or 525) firewall is not overkill
for a 3000+ user-base LAN/WAN network (i've read the specs from Cisco
site but nothing was mentioned regarding user-base limit/capacity for
each firewall). traffic will mostly constitute the usual Internet, mail,
dns and telnet/ssh access to the servers. 

is there a rule-of-thumb for determining the appropriate firewall CPU
speed and memory for a particular number of users?

TIA for the help and inputs,
dan
