Re: Firewall performance

[Chris Brenton <cbrenton () sover net>]

Sandy Green wrote:
> There is a lab report on the checkpoint site about the
> solaris vs NT performance.
> fine.... but actaully there are other important factors
> like PCI bus speed of the computer as well, CPU
> speed ,memory.

True, but OS does play a big part of the picture. For example compare
the Nokia line with NT. Both run on Intel hardware but the former is
speced 3X to 6X times faster. The speed difference comes from the Nokia
box box being a stripped down version of FreeBSD. Unfortunately there
are too many layers in NT to strip it down to the same level. Not
looking to fan the religious wars which are raging on other lists, just
stating the facts.

> I have done some tests on a server with 500 MB of RAM ! and there
> was no significant improvement.

Understandable. FW-1 runs completely from memory (except for the log
files which write to disk). Once you have enough memory to hold the OS
and the firewall code, any more is wasted. All you need is enough memory
to keep from swapping to disk.

> I thought that this list would have
> expereinced such issues in their environments. But unluckily for
> me I have not got any response from any of the list members.

At least for me, the reason I did not respond initially is that I did
not quite understand the question. Do you have a specific platform that
you think is not performing well, or are you just talking "what makes a
firewall run faster?" in general?

Cheers,
Chris
-- 
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet