[fw-wiz] Firewall scaling

Ian Searle ians at potatoplanet.org
Wed Jun 27 14:09:33 EDT 2007


Um.... I used to work at a firewall company and with each new release  
I would monitor the product's performance.  We easily had 100-200  
users behind this particular firewall, including a mail-server and I  
NEVER saw the number of connections get anywhere near 32,000.  1/3 to  
1/5 of that number is more like it.

It doesn't sound like you are dealing with very experienced people.   
Perhaps the best you can do is gather anecdotal evidence (like this)  
and use that?

----------
Ian Searle
ians at potatoplanet.org

P.S.  There were times when I would send and email to "all at ...."  
asking everyone to surf the web all at the same time.  Still, we  
never hit anything like 32k connections.


On Jun 26, 2007, at Jun/26 - 10:49 PM, rgolodner at infratection.com wrote:

>      Sami, it also depends on what type of traffic you are jamming  
> down theone wan link. If you have any type of mail server behind  
> your firewall, you may move up to that 32000 ceiling real quick.  
> Provide a little more information and this list will help you out.  
> With that many users and not knowing traffic types or amounts it is  
> hard to give you a decent rationale for your argument.
>
> Richard Golodner
>
> >-----Original Message-----
> >From: Sami Ghourabi [mailto:sami.ghourabi at online-netsecurity.com]
> >Sent: Saturday, June 23, 2007 07:40 AM
> >To: firewall-wizards at listserv.cybertrust.com
> >Subject: [fw-wiz] Firewall scaling
> >
> >Hi List,
> >
> >I'm trying to convince management that a firewall that supports 32000
> >concurrent sessions is enough for an organization that has a  
> single WAN
> >internet link, and about 60-100 users, but I'm lacking arguments.
> >
> >What do you think about that statement? Are there any rational  
> methods
> >available for firewall performance scaling (concurrent sessions, new
> >sessions per second, throughput, etc.)
> >
> >Any answer/resource appreciated.
> >
> >Best Regards.
> >
> >_______________________________________________
> >firewall-wizards mailing list
> >firewall-wizards at listserv.icsalabs.com
> >https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
> >
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards at listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



More information about the firewall-wizards mailing list