Re: Speed of firewall with AV/DI
comp.security.firewalls archive


From: Mark <nothere@notthere.com>
Date: Fri Sep 30 2005 - 04:43:03 CEST

"CCMiami" <nospam@modeldriven.org> wrote in message
news:pQc_e.71344$Cc5.40250@lakeread06...
> Based on the note from Russ, the speed of the firewall with all the
> options turned on is an issue. We would like to have some protection
> turned on internally (to the servers in the DMZ) as well as on the
> external side in case people pick up viruses and bring them in (we have
> a lot of people with laptops). We also don't want the network running
> at a crawl!
>
> Has anyone done speed tests on the routers with the options on? Or, are
> there reviews or information from the suppliers?
>
> The data point from Russ is: the Fortigate 60 would run about 50Mbps IPS
> and up to around 8 to 10Mbps AV, give or take depending on the traffic
> and the configuration.
>
> CCMiami
>

Hiya. The Sonicwall TZ170 is about the same in performance with GAV/IPS/AS
turned on.

The Netscreen 5GT slams into a brick wall with DI/AV turned on. In fact they
have wound back the DI options on the 5XTs and aren't adding any more
application scope to the 5GTs. So it looks like the 5GT's CPU is maxed out.

If you're concerned about throughput the next step up in the Sonicwall range
is the Pro 2040.

If you want a COMPLETELY, UTTERLY SECURE FROM VIRUSES BEYOND YOUR WILDEST
DREAMS network then investigate using a combination of zoning, IPS/GAV, and
a switch that supports multi-VLAN segmenting. The Allied Telesyn 8524M does
this. It allows you to stop LAN clients talking to each other and thus
spreading nasties.

What you do is throw all your desktops and laptops into a LAN zone, your
servers into a SERVER zone, and put IPS/GAV between the zones. Because the
switch blocks the clients talking to anything but the Sonicwall, they can't
spread nasties. You can do it on a TZ170 with the enhanced OS, but you have
to watch your throughput versus $$$ versus security ;)

Received on Sat Oct 15 04:35:35 2005