[ Preface: This message isn't intended to start a religious battle; ]
[ I believe we are all on this list because we believe that pf is   ]
[ best-suited for whatever needs it's servicing. I'm just looking   ]
[ for information in general! :)                                    ]
We're doing a quick comparison between a couple of Netscreen 500s and pf.
With our Netscreens we've run into state limitations, limitations on the
number of rules, defined addresses, etc. I've seen some of you posting
here that you have pf happily working in large environments. Would it
be possible for some of you to share aggregate information such as:
 - The number of rules you have defined in large rulebases.
 - The average number of states you maintain on busy firewalls on
   large networks.
 - How much memory you typically use in busy firewalls, etc.
 - Anything else you wish to share!
This information is mostly to provide to management in order to 
start migrating out from proprietary hardware. I fully understand that
the ASIC chips in the Netscreens really do benefit in terms of speed, but
the cost is amazingly high ($26k for a single 500!).
Thanks -- if you wish to keep your answers off-list, please email me at
<[email protected]>
Any information provided in our benefits summary will be anonymized.
- Eric