[j-nsp] [c-nsp] Firewalls "as-a-service" in an MPLS infrastructure...

Matthew North matthew.north at gmail.com
Sat Jul 9 15:12:50 EDT 2011


See my email below and Fortinet blade doc, 250 per 5001 fortigate blade so yes in a filled chassis of fortigate blades you could get up to 3000 vdoms. (get 500 vdoms per blade with license upgrade on 5001b)
But I agree, talk to your sales rep. The numbers I gave are what my company tested/recommended by the vendors that run in our production environments.

fortinet.com/doc/FGT5000Series.pdf



On Jul 9, 2011, at 12:22 PM, Derick Winkworth <dwinkworth at att.net> wrote:

> From Fortinet's website:
> 
> #####
> 
> Chassis-based models can support up to 3000 VDOMs
> #####
> 
> Talked to Fortinet rep and confirmed it.  It's not that they "recommend" 250, it's
> just that beyond 250 there is no support for some of the advanced features
> Fortinet considers their special sauce (e-mail scanning, etc).
> 
> I'm pretty sure the actual maximum number of allowed VRs/zones on a 3k SRX is 
> 1000.  Or it will be soon.  I'll verify that later this evening.  The number of 
> LSYS is in fact 32. However you don't get all those zones/vrs/nats/FW rules per 
> lsys, those are just spread out across the LSYS...
> 
> The ASA I think can support up to 500 contexts now, but with contexts enabled 
> I'm hearing there is no crypto support.  I'm not sure this is an impediment for 
> us but I can see it being an issue for folks.
> 
> 
> 
> Derick Winkworth
> CCIE #15672 (RS, SP), JNCIE-M #721
> http://blinking-network.blogspot.com
> 
> 
> 
> 
> ________________________________
> From: Matthew M North <matthew.north at gmail.com>
> To: Chandler Bassett <cbass.nsp at gmail.com>
> Cc: dwinkworth at att.net; juniper-nsp at puck.nether.net; cisco-nsp at puck.nether.net
> Sent: Thu, July 7, 2011 9:57:21 PM
> Subject: Re: [c-nsp] Firewalls "as-a-service" in an MPLS infrastructure...
> 
>>> Fortinet does thousands of their VDOMs (virtual-firewalls) on a single unit...
> 
> Thousands->no.
> They do 250 VDOMs on the high end units (3000 series), 500 VDOMs I
> heard on the 5001B (with some special licensing, haven't seen or tested
> yet, they recommend max 250).
> 
> Juniper SRX you can use VRs & security zones. On Junos 10.4+ get 250 VRs.
> 5800 you can get 500 VRs. Have gotten # for lsys yet.
> 
> 
> On Thu, Jul 7, 2011 at 2:35 PM, Chandler Bassett <cbass.nsp at gmail.com> wrote:
>> I thought the ASA blade was for the 6500's?
>> 
>> On Wed, Jul 6, 2011 at 11:47 AM, Derick Winkworth <dwinkworth at att.net> wrote:
>> 
>>> Thoughts on this blog entry?
>>> I wonder if Cisco will support BGP on ASA soon.. I know people have been
>>> asking for it.  It would be nice if it had something Netconf on it too...
>>> The new ASA blade is coming out for Nexus I hear, anyone know how many
>>> virtual-firewalls it will support?  Juniper's SRX will do LSYS soon.. 32 per
>>> box.  That seems like a low number. Fortinet does thousands of their VDOMs
>>> (virtual-firewalls) on a single unit...
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


