[nsp] Fwd: cisco pix 515

Matt Ploessel matt.ploessel at foundstone.com
Wed Apr 16 11:34:46 EDT 2003


>can a pix handle upto a ds3 worth of traffic? (in this case the traffic
mainly consists of email and regular browser traffic)

It would of course depend on flows, pps vs your ACL filtering intensity,
and possibly licenses. According to cisco PIX 515E "provides up to 188
Mbps of firewall throughput with the ability to handle as many as
125,000 simultaneous sessions. Certain PIX 515E models includes stateful
high-availability capabilities, as well as integrated support for 2,000
IPsec tunnels." Older PIX's I remember cisco quoting 100k sessions for
515UR, and 50k sessions if restricted by software.

>i am looking for some real world traffic numbers on what a cisco pix
515 can handle. 

Stephen Gill has a paper which covers firewall resource limitations per
vendor. Its targeted more from an attack defense perspective but may
give you the extreme "real world" stats your looking for.

http://www.qorbit.net/documents/maximizing-firewall-availability.htm


Matthew Ploessel
Network Engineer
Foundstone Inc.
(949) 297-5622
https://www.foundstone.com/pgpkeys/matt_ploessel.asc
PGP fingerprint = 5233 27A0 E504 2887 0F6F  0218 7495 1EB2 F182 E914
**DISCLAIMER : Opinions expressed may not necessarily reflect the
opinion of my employer


> -----Original Message-----
> From: nk at suspicious dot org [mailto:nk at suspicious.org] 
> Sent: Tuesday, April 15, 2003 4:24 PM
> To: cisco-nsp at puck.nether.net
> Subject: [nsp] Fwd: cisco pix 515
> 
> 
> 
> > hi all - i am looking for some real world traffic numbers on what a
> > cisco
> > pix 515 can handle. can a pix handle upto a ds3 worth of 
> traffic? (in
> > this case the traffic mainly consists of email
> > and regular browser traffic)
> >
> > tia
> > -nk
> >
> >
> >
> >
> > beauty lies in the hands of the beer holder 		
> -anonymous
> >
> > 
> ----------------------------------------------------------------------
> > -
> > spy
> > 
> --------------------------------------------------------------
> ---------
> 
> 
> 
> nkombiyil1 at nyc.rr.com / nk at tripudiamos.com
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> http://puck.nether.net/mailman/listinfo/cisco-> nsp
> archive at 
> http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list