[j-nsp] [c-nsp] Firewalls "as-a-service" in an MPLS infrastructure...
Matthew North
matthew.north at gmail.com
Sat Jul 9 15:12:50 EDT 2011
See my email below and Fortinet blade doc, 250 per 5001 fortigate blade so yes in a filled chassis of fortigate blades you could get up to 3000 vdoms. (get 500 vdoms per blade with license upgrade on 5001b)
But I agree, talk to your sales rep. The numbers I gave are what my company tested/recommended by the vendors that run in our production environments.
fortinet.com/doc/FGT5000Series.pdf
On Jul 9, 2011, at 12:22 PM, Derick Winkworth <dwinkworth at att.net> wrote:
> From Fortinet's website:
>
> #####
>
> Chassis-based models can support up to 3000 VDOMs
> #####
>
> Talked to Fortinet rep and confirmed it. It's not that they "recommend" 250, it's
> just that beyond 250 there is no support for some of the advanced features
> Fortinet considers their special sauce (e-mail scanning, etc).
>
> I'm pretty sure the actual maximum number of allowed VRs/zones on a 3k SRX is
> 1000. Or it will be soon. I'll verify that later this evening. The number of
> LSYS is in fact 32. However you don't get all those zones/vrs/nats/FW rules per
> lsys, those are just spread out across the LSYS...
>
> The ASA I think can support up to 500 contexts now, but with contexts enabled
> I'm hearing there is no crypto support. I'm not sure this is an impediment for
> us but I can see it being an issue for folks.
>
>
>
> Derick Winkworth
> CCIE #15672 (RS, SP), JNCIE-M #721
> http://blinking-network.blogspot.com
>
>
>
>
> ________________________________
> From: Matthew M North <matthew.north at gmail.com>
> To: Chandler Bassett <cbass.nsp at gmail.com>
> Cc: dwinkworth at att.net; juniper-nsp at puck.nether.net; cisco-nsp at puck.nether.net
> Sent: Thu, July 7, 2011 9:57:21 PM
> Subject: Re: [c-nsp] Firewalls "as-a-service" in an MPLS infrastructure...
>
>>> Fortinet does thousands of their VDOMs (virtual-firewalls) on a single unit...
>
> Thousands->no.
> They do 250 VDOMs on the high end units (3000 series), 500 VDOMs I
> heard on the 5001B (with some special licensing, haven't seen or tested
> yet, they recommend max 250).
>
> Juniper SRX you can use VRs & security zones. On Junos 10.4+ get 250 VRs.
> 5800 you can get 500 VRs. Have gotten # for lsys yet.
>
>
> On Thu, Jul 7, 2011 at 2:35 PM, Chandler Bassett <cbass.nsp at gmail.com> wrote:
>> I thought the ASA blade was for the 6500's?
>>
>> On Wed, Jul 6, 2011 at 11:47 AM, Derick Winkworth <dwinkworth at att.net> wrote:
>>
>>> Thoughts on this blog entry?
>>> I wonder if Cisco will support BGP on ASA soon.. I know people have been
>>> asking for it. It would be nice if it had something Netconf on it too...
>>> The new ASA blade is coming out for Nexus I hear, anyone know how many
>>> virtual-firewalls it will support? Juniper's SRX will do LSYS soon.. 32 per
>>> box. That seems like a low number. Fortinet does thousands of their VDOMs
>>> (virtual-firewalls) on a single unit...
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp