Bottlenecks almost always end up being the smallest pipe on a network.  In
your case you have a possible 4 T1's which even when all are fully utilized
will only pass around 6mb of traffic per second.   Even your darn 10 baseT
ethernet pipes could handle that.  The PIX can handle up to 170mb per second
and won't even blink at 4 fully loaded T1's.  I suggest you give the client
the numbers and let them do the math.  After they have done their own math,
and if they are still not convinced you're right, may I suggest you ask them
why they need your help, they obviously know more about the matter at hand
than you do :-)


----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 15, 2001 6:33 PM
Subject: PIX Performance


> Hello everyone.  Here is the situation.  A client of mine plans on setting up
> some DMZs off either a PIX 515 or 525.  Servers will consist of smtp relay,
> ftp,  2 to 4 web servers, 2 OWA servers, and 5 to 10 web app servers.  Inside
> (the internal LAN), there are about 10 servers, some database, which dmz
> servers will need to access.  They currently have 2 T1s for external access
> to these DMZ based servers (no internally initiated web traffic), and do not
> plan to upgrade to more than 4 T1s anytime soon.  To the point, the client
> claims that the PIX will be unable to handle all the traffic from the front
> end and the access to the back end and that it will become a performance
> bottleneck with an extremely complicated, long rule set.  My experience and
> opinion tell me that the PIX will do just fine and could probably handle a
> hell of a lot more.  It is doing static NAT also but not any VPN stuff.  If
> anything, with about 6000 remote clients accessing certain servers throughout
> the day, the potential bottleneck will be the 2 T1s or the 2610 router in
> front of the PIX, not the PIX itself - but he won't believe me!  I have
> plenty of performance test results and have implemented multiple PIXs and
> some Check Point Firewalls.  Am I missing something?  How do I convince him?
> Since this may not be perceived as a certification issue, you should probably
> answer me directly and not clog up the list.  Thank-you in advance...
>
> David Raker CCDP, CCNP, MCSE, MCP + Internet
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
