| Title: | SEAL |
| Moderator: | GALVIA::SMITH |
| Created: | Mon Mar 21 1994 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1989 |
| Total number of notes: | 8209 |
I read the following threads on sizing firewalls. However, we have a
particular situation:
Customer, grammar school, will have 2000 clients and wants to know
if a AlphaServer 1000A will be sufficient. On the firewall system will
be the following:
1] T1 at the Internet (RED Net)
2] They want the Firewall system to do DHCP for the 2000 clients
3] Support a Proxy Server, we've informed them that the FW already
has cache for the web proxy (question 4444.13). We hope to
eliminate this
4] Support for Green net on the Firewall
If you have any experiences that you can share we'd greatly appreciate
it.
Regards,
--------------------------------------------------------------------------------
SEAL
Created: 21-MAR-1994 15:17 1785 topics Updated: 10-FEB-1997 19:38
Topic Author Date Repl Title
--------------------------------------------------------------------------------
625 KETJE::BEYENS 22-SEP-1995 1 Sizing firewall systems ?
690 TPOVC::ARROWWU 22-OCT-1995 5 How to limit the mail size in sendmail.cf
980 ispics.stl.dec.com:: 6-MAR-1996 7 Sizing of box to link speed
1026 MXOC00::ALVAREZ 26-MAR-1996 7 Why SUN's marketshare is larger?, Sizing?
1121 CHEFS::ANDERSONR 21-MAY-1996 6 URGENT HELP REQD - Firewall Sizing ****
1142 HGOVC::CHRISTSANG 5-JUN-1996 1 Concurrent users support and sizings
1278 CECAMO::JAGERMAN 2-AUG-1996 2 Sizing considerations of group tunnel?
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 1787.1 | QUICHE::PITT | Alph a ha is better than no VAX! | Wed Feb 12 1997 05:52 | 18 | |
Of course a 1000A will cope, if it has enough memory. An AlphaStation 255 would cope as well. As for memory and disk requirements, you've listed several notes that contain that information - there's also at least one from me somewhere - use the AltaVista Notes Search to find it!!! I would be very concerned about running the firewall as a DHCP server. Perhaps someone else can be more specific about this, but my concern is that DHCP should be entirely an internal function, and putting it on the firewall is therefore a bad move. The firewall should not have arbitrary additional software (either additional bits of UNIX, or additional layered products or other programs) added to it, unless someone is going to work hard to check the security of these additional bits. The implications of the DHCP server are currently unknown at least to me. (I do know that you would have to tweak the ifaccess.conf file to make it work, because the firewall would have to respond to IP packets with source address 0.0.0.0, and these would by default only be accepted from the external interface ...) T | |||||