[j-nsp] [c-nsp] Firewalls "as-a-service" in an MPLS infrastructure...

Derick Winkworth dwinkworth at att.net
Sat Jul 9 12:22:10 EDT 2011


From Fortinet's website:

#####

Chassis-based models can support up to 3000 VDOMs
#####

Talked to Fortinet rep and confirmed it.  It's not that they "recommend" 250, it's 
just that beyond 250 there is no support for some of the advanced features 
Fortinet considers their special sauce (e-mail scanning, etc).

I'm pretty sure the actual maximum number of allowed VRs/zones on a 3k SRX is 
1000.  Or it will be soon.  I'll verify that later this evening.  The number of 
LSYS is in fact 32. However you don't get all those zones/vrs/nats/FW rules per 
lsys, those are just spread out across the LSYS...

The ASA I think can support up to 500 contexts now, but with contexts enabled 
I'm hearing there is no crypto support.  I'm not sure this is an impediment for 
us but I can see it being an issue for folks.



Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://blinking-network.blogspot.com




________________________________
From: Matthew M North <matthew.north at gmail.com>
To: Chandler Bassett <cbass.nsp at gmail.com>
Cc: dwinkworth at att.net; juniper-nsp at puck.nether.net; cisco-nsp at puck.nether.net
Sent: Thu, July 7, 2011 9:57:21 PM
Subject: Re: [c-nsp] Firewalls "as-a-service" in an MPLS infrastructure...

>>Fortinet does thousands of their VDOMs (virtual-firewalls) on a single unit...

Thousands->no.
They do 250 VDOMs on the high end units (3000 series), 500 VDOMs I
heard on the 5001B (with some special licensing, haven't seen or tested
yet, they recommend max 250).

Juniper SRX you can use VRs & security zones. On Junos 10.4+ get 250 VRs.
5800 you can get 500 VRs. Have gotten # for lsys yet.


On Thu, Jul 7, 2011 at 2:35 PM, Chandler Bassett <cbass.nsp at gmail.com> wrote:
> I thought the ASA blade was for the 6500's?
>
> On Wed, Jul 6, 2011 at 11:47 AM, Derick Winkworth <dwinkworth at att.net> wrote:
>
>> Thoughts on this blog entry?
>> I wonder if Cisco will support BGP on ASA soon.. I know people have been
>> asking for it.  It would be nice if it had something Netconf on it too...
>> The new ASA blade is coming out for Nexus I hear, anyone know how many
>> virtual-firewalls it will support?  Juniper's SRX will do LSYS soon.. 32 per
>> box.  That seems like a low number. Fortinet does thousands of their VDOMs
>> (virtual-firewalls) on a single unit...
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>

