[unisog] High speed firewalls - Connections per second not bits per second

Mayne, Jim J.Mayne at tcu.edu
Mon Feb 21 16:40:28 GMT 2005


Currently TCU is using a Checkpoint FW1 NG AI firewall running on a
Nokia platform in front of our RESNET network. We have begun to see more
and more problems with the firewall dropping packets when we get a rash
of infected machines. Nokia is now telling us that without their IP2250
(Very expensive!) box they cannot handle over 1k connections per second
when running FW1 (even with SecureXL and every other optimization they
can think of). 1k cps is not much when you have even a few infected
machines.

So my question is do you all know of firewalls, stateful inspection and
not just ACLs on routers, that can really handle large numbers of
connections per second? I see a lot about bps but not too much about
cps.

Thanks,

Jim

Jim Mayne 
Network Security Engineer 
Texas Christian University 
j.mayne at tcu.edu 
(817) 257-6843 



