On Oct 21, 2005, at 9:05 AM, alan walters wrote:
Your aren’t going to terminate the ssl connections on The firewall ??? what benefit would ssl accelerators provide.
different networks. my web servers protect themselves. the firewall is for our office :-) the web servers could use some SSL acceleration, which I'm not sure the soekris will provide (yet). the chipset supports it but the freebsd driver doens't use it, from what I've read.
Mostly I'd get the ipsec accelerator just for the knowledge of how it works and is set up, and the RNG. I think the soekris is good for this especially at the price...
I looked up the broadcom cards (impossible to find, nearly) and the best I could see was in the $1000-$2000 range, from Cicso no less. bizarre.
We are planning something similar at the moment. My present thoughts are to use opteron processors on the vpn servers. And run pfsense on that hardware.
well, you certainly will have the horsepower with opterons. they are wicked fast at slinging bits around..
And then forget above ssl and ipsec accelerators. Let the core hardware do the work. The stats that I have seen make me seem to think that acceleration is just generally lots of cpu and good throughput
The only benefit you'll probably see is the RNG. But with FreeBSD 5 or 6 on the opterons, the built-in RNG should pick up enough entropy from the disk and ethernet controllers. but who knows for sure :-(
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
