Security Basics mailing list archives
RE: HW firewall for LAN
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Tue, 2 Dec 2003 10:20:24 -0800
Well, you won't likely find a (this is for x users) on 'larger' firewalls. On smaller SOHO firewalls (SonicWall TELE3 series, Netopia R910, etc.) you can have an enforced limit via licensing or use. On larger firewalls you will most likely hear about throughput; whether that's Pps or Bps depends on the vendor.

The PIX series is more cumbersome than their other IOS platforms. The PIX uses a 'Secure IOS' and is much like using an old UNIX server to a new Linux box (csh vs. BASH). The PIX is more of a handful than its counterparts (SonicWall, WatchGuard and CheckPoint), but IMHO I believe it's better. For ease of use and feature set there is no beating a SonicWall, their web administration is a piece of cake to use and with value-add services like Web Filtering and Virus Scanning.

I've used a PIX 515 at a 1500 node site without any problems. I've used WatchGuard and SonicWalls at sub 1000 node sites and more recently set up a CheckPoint (IP330) at a 2000+ node site.

I'd give Cisco pre-sales a ring @ 1-800-553-6387. I've used them many times when I did outsourcing work and the vast majority of the time they can size up what you need with little BS.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
Email: sjackson () horizonusa com
Phone: (775) 858-2338
(800) 325-1199 x338

-----Original Message-----
From: Dan Duplito [mailto:danduplito () techie com]
Sent: Tuesday, December 02, 2003 12:57 AM
To: security-basics () securityfocus com
Subject: HW firewall for LAN

hi,

forgive me if this is a newbie query -- i'm relatively new to the security industry.

we're looking at getting a HW firewall between our LAN and internal servers, similar to the one we have for our DMZ. i'm just wondering if a Cisco PIX (515 or 525) firewall is not overkill for a 3000+ user-base LAN/WAN network (i've read the specs from Cisco site but nothing was mentioned regarding user-base limit/capacity for each firewall).

traffic will mostly constitute the usual Internet, mail, dns and telnet/ssh access to the servers. is there a rule-of-thumb for determining the appropriate firewall CPU speed and memory for a particular number of users?

TIA for the help and inputs,
dan