Mha said:
Hi Leythos
I have another question regarding Firebox x550e about throughput that is
specified:
- Firewall Throughput 300+ Mbps
- VPN Throughput 35 Mbps
- AV Throughput 50 Mbps
I'm a little concerned if I enable all UTM services
(Anti-Spam, Anti-Spyware, GW-AntiVirus, IPS...) will there be any problems
with performance or throughput at all?
We have 100/100 internet connection, so with all these services enabled,
also about 10 users will use client-site SSL VPN (sometimes), can I expect
any problems with Firebox performance or with firewall throughput?
Yes it matters. But it has nothing to do with bandwidth, network speed,
throughput, etc.
It matters with respect to the CPU of the Firewall. The more you give it to
do the longer it takes to process,..the longer it takes to process,..the
more "processor lag" you introduce. To speed it up you need a Model with a
faster processor.
I'm also wondering if there are any differences between Mobile VPN Tunnels
and SSL VPN tunnels? Since Firebox x550e only has 5 Mobile VPN client
licences included, but with Firmware PRO upgrade I get full (75) SSL VPN
client licences, I'm thinking of using SSL VPN access for all users who
will
WatchGuard tends to rewrite the dictionary to suit themselves or just simply
"make up" terminology out of nowhere.
Mobile VPN = what the industry called Remote Access VPN.
WatchGuard used to call it MUVPN (Mobile User VPN)
This is individual "humans" that establish their own personal inbound VPN
connection into the LAN from the "outside". It is not meant nor designed to
"stay up". The user is supposed to connect,..do the job they connected to
do,...and then disconnect. This type of VPN can potentially, and often
does, disrupt the user's ability to connect to things on their own local LAN
during the time it is "up".
Remote Access VPN can use PPTP, L2TP, or IPsec
SSL VPN Tunnels = Wow, they are really getting "vague" here. SSL VPN can
mean a *lot of things* that are nothing alike. They might mean Site-to-Site
VPNs or they might mean Application Publishing via a web browser over
SSL,..which technically is not even true VPN. I've always thought SSL VPN was
an oxymoron that really meant nothing in reality and was just a Marketing
Term. It is a term used by products such as Whale that was bought-out by MS
and renamed "Intelligent Application Gateway" and incorporated into the
Forefront Security Suite. While at MS myself in a meeting with the ex-Whale
employees and some MS Forefront people I think I annoyed them by telling
them that I did not think it was a "true VPN" and that it should not be
called "SSL VPN" and that they should call it something else. It is also
similar to the Web Interface that Citrix is capable of using to make things
available to user.
Anyway,...if they use the term to mean what the industry calls Site-to-Site
VPN.....
WatchGuard used to call this ROVPN (Remote Office VPN)
These probably nearly always use IPsec but some products like MS ISA Server
let you choose between PPTP, L2TP, or IPsec which can be dictated by what
equipment it has to work with.
A Site-to-Site VPN is the connecting of two Networks over a VPN link. There
are no "humans" involved,..only computers. This type of connection is
designed and expected to be "always up". It does not disrupt or adversely
affect local traffic on either one of the connected LANs however the two
LANs need to have the routing schemes properly designed so that the correct
traffic goes over the VPN while other traffic does not.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------