2007-10-25
fdamstra
Hardware Opinions - Server and Quadport Cards

We're upgrading our hardware, and I need some opinions.

Our setup:
Single management server
Two enforcement nodes running Splat Pro
12 physical interfaces per firewall

We have 2 DS3's for Internet connectivity, and obviously a high degree of segmentation in our networks. We have about 5000 users any given day, though most are restricted by 64kbps WAN pipes. On some segments, there are backups or other high-volume transfers, but the bulk of our traffic is low bandwidth/small packet size interactive sessions (similar to telnet/ssh).

We're looking at replacing the enforcement nodes with a pair of IBM x366 systems. These are not on the official "supported" list, but the specs are similar to others that are. These will be single processor 3.6GHz Xeons with 4GB RAM.

Our main concern is the interfaces. We feel that if we're buying hardware now, we should be looking at gigabit interfaces. Since we need at least 11 interfaces, we're looking at 3x quadport cards. Lastly, the x366's are PCI-X, so our choices are limited to the following cards (from checkpoint's list):
HP NC340T
Intel Pro/1000 GT Quad
Sun Gigaswift X4445A

The HP cards seem to have been discontinued/replaced, and we're really unhappy with HP right now due to some lemon hardware and support issues, so they're out.

We'd like the Intel cards, but looking at their support documentation, they appear to have issues with the IBM x365 and x370, and further, they recommend that you don't add more than 2 of these to a server (and we'd be looking at 3). While these aren't the exact IBM models we're looking at, we're uncomfortable with them.

So that leaves us with the Sun cards. They're a bit pricey (retail $750/ea as opposed to about $500/ea for the Intel cards). We can't find any similar notices about the compatibility, but that could just mean that Sun makes it harder to find.

Anybody have recommendations or, more importantly, "don't do it" advice? Should we be looking at different servers than the IBM x366's (that doesn't help with the interface card choice)? Anybody have a favorite supported quad port GigE card that's not listed on checkpoint's site? How do you pick hardware for a great, solid, checkpoint firewall?