Robert,
Well, I know for sure that there was a "bug" in 4.0 (can't recall if it's
been fixed with SP5-6) in which, under very high load, the firewall would
stop NATting and start forwarding internal addresses to it's external
interface. But, to my knowledge, it still only allowed packets to pass as
defined by the rulebase. So we can probably assume that under very high
loads, less priority is given to NAT. I've seen this activity on a 4.0 SP1
machine running on a Sun E3000 when the CPU load was >5.5 . Just my .02.
Jason
At 08:41 PM 6/14/00 +1200, you wrote:
>
>What does FW-1 one do when it cannot handle the bandwidth? Does it revert
>to the installation option of IP Forwarding?
>
>A) Control IP forwarding and drop overload
>
>B) Do not control and forward the overloaded data
>
>Has anyone seen what happens when you get to this point?
>
>Cheers
>Rob Purdy
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of
>Hennessy, Greg (London)
>Sent: Tuesday, 13 June 2000 7:51 p.m.
>To: '[EMAIL PROTECTED]'
>Subject: Re: [FW1] Gigabit support
>
>
>
>
>> Does FW-1 support gigabit troughput?
>
>Not on a single firewall module, That level of thoughput will require a
>firewall farm surrounded by L4 switches. The last implentation I saw for
>handling gigabit ethernet took IIRC 15-16 Solaris boxes.
>
>
>greg
>
>
>--
>Greg Hennessy
>E-Security Mechanic Merrill Lynch - HSBC LTD
>+44 020 7570 3046
>
>
>
>
>--
>**********************************************************************
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the [EMAIL PROTECTED]
>
>This footnote also confirms that this email message has been swept by
>MIMEsweeper for the presence of computer viruses.
>
>**********************************************************************
>
>
>============================================================================
>====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>============================================================================
>====
>
>
>
>===========================================================================
=====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>===========================================================================
=====
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
