While it is true that MS Proxy 2.0 outperformed Checkpoint in a test
situation, I would not call the results definitive as far as a performance
test. First I really don't consider MS Proxy 2.0 to be a Firewall; it has
SOME firewall features and that's about it.....Just curious, what was the
hardware platform used to test Checkpoint? Intel and NT, Solaris and an
Ultra Sparc, or perhaps maybe a Nokia box? Of course the other
consideration is, what exactly is considered NAT on MS Proxy?? It can by
no means do the same level of NAT as Checkpoint....(Example, can MS Proxy
NAT both the source AND destination of a packet at the same time? Can it
do this based on the type of service AND the source or destination as a
determining factor? I think not.... So of course there is a price to pay
for this level of NAT....Does MS Proxy do anything other than a standard
Many-to-one NAT? Can I do a simple
Source Dest XSource XDest
24.2.2.1 38.147.1.1 192.168.1.1 192.168.1.2
In this case I am not routing Internet addresses on an internal net, but I
want Internet traffic to be translated to a box. Since I don't route
INet traffic, hide the Inet behind an extra address(By the by, how well
does multiple/virtual IP work with MS Proxy?Can I have 50 virtual
addresses on an NT box with MS Proxy 25 Inet Legal, 25 private and do a 1
to 1 nat?) on the private side of
the Firewall. Additionally, ONLY do the NAT if the incomming service is
say SMTP......
The a a few advantages to this, one is the fact I can split up the Inet
legal addresses I have, this helps if you only have a few. So, I could
use the above example.....
NAT Tables
Internet Legal -XLate to- Private Net Service
38.147.1.1 192.168.1.2 SMTP (Port 25)
38.147.1.1 192.168.1.3 HTTP(Port 80)
38.147.1.1 192.168.1.4 SSH(Port 22)
Anything else is not even translated/routed, just dropped....
As you can see, this helps if you have limited Internet IP addresses...
On Tue, 12 Jan 1999, Brian Steele wrote:
> See the following link, particularly the "stress test" section:
>
> http://www.data.com/lab_tests/ntfirewalls.html
>
> MSP 2.0 hit 62.7 Mbits/sec with NAT enabled, and Heatseeker Pro hit 96.34
> Mbits/sec without NAT. This is probably far and above many people's needs.
> It's certainly above mine, considering our company's external link is 512KB
> :-). At what speed would your external link have to be in order for a
> firewall capable of 62.7 Mbits/s to become a bottleneck?
>
> Interestingly enough, the Raptor and Checkpoint solutions' performance was
> among the lowest, but I'm sure most offices can live with 34 Mbits/s and
> higher throughput quite easily. I tend to agree with Data Communications'
> stance that Firewall performance is secondary to security or management.
>
> Regards,
> Brian Steele
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
