[fw-wiz] Firewall Throughput

Darren Reed darrenr@reed.wattle.id.au
Wed, 6 Sep 2000 20:30:18 +1000 (EST)


In some email I received from Benson Hill, sie wrote:
[Internal error while calling pgp, raw data follows]
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Hey All
> 
> We're looking to purchase a new enterprise level firewall.
> As you can imagine, among other things, throughput is
> one of the major concerns.
> 
> Currently we're looking at CheckPoint VPN-1 and Cisco
> PIX.
> 
> Of course, both companies claim their solution is the best.
> Cisco says they are faster, CheckPoint says that's true only
> for certain types of traffic.
[...]

What do you value more - throughput or security ?

If you value security, the PIX isn't the answer, IMHO.  Then again,
the level of protection desired may mean that FW-1 is inappropriate.

If you value throughput then why bother with a PIX ?
Just get a router and add appropriate ACL's.

The first thing that comes to my mind when I see people asking this
question is "How fast do you want people to break in?".

Cheers,
Darren