Walter,
I
would suggest the VPN Accelerator, as it does take quite a load off of your main
processor(s). NOTE that the accelerator does NOT work for any encryption,
it only works for IKE/IPSEC.
If you
have the money, go dual, 550mhz is sufficient, as the hardware and OS will be
your bottleneck. We installed more RAM than we would ever need, (640Mb)
and we are only using some 130MB with NO swapping. Our system has 12
interfaces (3 x Adaptec AHA-6944A/TX Quad Cards) and runs at 4% utilization with
spikes to 100% when installing a new policy or ~40% when filtering a log
view.
We are
very happy with our hardware (a Compaq Proliant 1600 6/450 single processor) and
plan to upgrade sometime in 2003.
YMMV,
but be sure to check out our performance tuning document at http://www.noblesouth.com/downloads/firewallperfnt.pdf
Cheers,
Jim
Noble.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, May 24, 2000 2:54 AM
To: [EMAIL PROTECTED]
Subject: [FW1] VPN Performance
Does anyone have any advice on sizing hardware for a given VPN load ?
What is a suitable hardware platform, ( must be running WinNT ) for a FW1 installation supporting 200 simultaneous VPNs with a combined traffic of upto 2Mb
Is a dual 550Mhz CPU machine more suitable than a single 700Mhz one ?
how much RAM. ?
is a VPN-1 Accelerator Card recommended ?
Any advice or real world experiences greatly appreciated.
Regards
WM
