On 7/8/05, Kirill Ponazdyr <ng1@> wrote:
> Hello,
>
> We are in need of "core" firewall for our new datacenter.
>
> This firewall will not be directly connected to internet but rather
> serve as a separator for security zones within the "application" part
> of our network, classical fileserver traffic will not go thru this
> firewall.
>
> Network is full duplex 100Mbps Ethernet, there will be 25 machines
> split into 6 zones, we estimate that our rules will be around 200
> lines per zone. No Synproxy, no NAT, no QOS, "just" a stateful packet
> filter.
>
> The largest traffic types would be: http/s, postgres, imap and a daily
> backup which runs over network.
> TCP connections wise we expect to see no more than 30k concurrent
> connections, so taking 60k as a goal would fit very well.
>
> We would like this firewall to be able to fill 2 of its 100Mbps ports
> with duplex traffic (400Mbps) at any given moment without significant
> latency due to the firewall itself.
>

Since your network is only 100Mbps my recommendation is a D-Link Ethernet card.
Now I may not be fully correct but from my experience it performs well :-)

kind regards

Siju

> Which hardware would you advise for such environment?
>
> Any gotchas / hints to watch out?
>
> Kind Regards
>
> Kirill
> -------------------------------------------------
> When replying via E-Mail, please remove duplicate
> "@" from the address.
> -------------------------------------------------
>
