On Thu, 16 Dec 2004, Chris Buechler wrote:

Hi!

>
> I'd go with crossover cables only between devices (eliminate any
> influence a switch might have), and try NAT and routing speeds
> > Right.
> > I believe that we can do this at work. My coworker is also interested
> > in the results. He is a believer in PIX and I'm a m0n0wall
> > evangelist, however I believe together we can give good fair testing
> > and results.
> >
>
> I just ran iperf from LAN to DMZ (routing, no NAT) on a 515E at a
> steady 91-92 Mb.
>
> Compared to Soekris and WRAP, that blows them out of the water, but we
> aren't talking even close to the same class of hardware (that PIX
> costs around 12 times as much as a Soekris or WRAP).

For WRAP and Soekris, yes, but you should rather compare a Cisco 501 with a Wrap; it's (almost) the same size ;)

> hardware and m0n0wall will come out way ahead. m0n0wall should come
> out ahead on less than half the hardware, dollar wise, as a rough
> guess.

There are decent barebone firewall systems out there. I have a G478 from Iwill, and Portwell also makes some fine boxes. They should be a closer match to a 515E (only have a 515 without E at home)

>
> I'm a Cisco nut myself, but I'll take a m0n0wall over a PIX any day.
>

Why? :)

>
> iperf is probably a good tool for the job, but that only tests a
> single TCP stream. That's a good indicator of max throughput, but not
> of how scalable the firewall really is (you aren't going to push 92 Mb
> through your firewall on a single TCP stream, generally, maybe over a
> few thousand TCP connections). I'd hit Google and see what kind of
> other testing tools you can dig up. I'd definitely be interested in
> anything you come up with.

You could also try the free available tool Qcheck from Ixia.

regards

Rob.

--
nic-hdl RD-RIPE
http://www.bay13.de/
e-mail: robert at bay13 dot de
1024D/9723F471 : 90A9 6761 A630 583D F6DB 6A8C C570 7719 9723 F471