Firewall Wizards mailing list archives
Re: TCP buffers in firewalls
From: chuck yerkes <Chuck () yerkes com>
Date: Thu, 11 Dec 1997 19:10:19 -0500 (EST)
I know that in the previous major version of Checkpoint, the proxies' performance was, er, minimal. If it's your machine, try another proxy (TIS httpd-gw, squid (without caching), whatever) on the firewall. Checkpoint seems, to me, to be designed to be a screening router primarily with proxies put in as an afterthought. I do know that an Ultra with FW-1 can handle 100baseT ok. It could either be a TCP issue, but likely is a 'proxy that sucks' issue. chuck It is claimed, but unverified, that Stout, William wrote:
I had a situation where a firewall locked up repeatedly during high traffic periods and required hard reboots. The firewall was a Checkpoint FW-1 on an UltraSparc where the Internet feed was a 10Mb Ethernet link. The machine behind that was an Alphaserver serving banner ads. This was a operational failure, not an attack.
Current thread:
- TCP buffers in firewalls Stout, William (Dec 11)
- <Possible follow-ups>
- Re: TCP buffers in firewalls chuck yerkes (Dec 11)
- Re: TCP buffers in firewalls benecke (Dec 12)
- Re: TCP buffers in firewalls chuck yerkes (Dec 12)
- Re: TCP buffers in firewalls benecke (Dec 12)
- Re: TCP buffers in firewalls Bret Watson (Dec 12)
- RE: TCP buffers in firewalls Stout, William (Dec 12)
- Re: TCP buffers in firewalls Travis Low (Dec 12)
- RE: TCP buffers in firewalls Stout, William (Dec 15)