 Like a Nightmare to run NSF 6426
I don't know what Nortel claim it to be the one the best thruput firewall ... in my senario i am running with 7 of these cluster and all of them is not more than a dustbin for me . It's almost 1&1/2 year we integrated these firewall in our network by spending millions on this and i am still waiting for the resolution from Nortel for the problems which i am facing with these boxes .
1. VPN will Not work ( I am not saying , it's well documented in Nortel's release notes ) ------ This is true in may case unless i edited the conf file for the gateways it did worked , but this is not a resolution
2. Cluster in Load Sharing will not work for VPN ----- If you have major traffic in your network as i m having 10000 client at the back of this cluster and having 50 - 55 VPN site to Site tunnel and almost all the tunnels which are having the peer as Cisco , Netscreen and even checkpoint will drop off very frequently .
3. Latency ----- This is a major problem for me when i have the cpu utalized about 50 - 60 % the latency in LAN - DMZ - Extranet arm will go to 50 ms to 280 ms ...... ( i having NG AI R54 , NG FP3 running on solaris -- when they are 90 % i won't get even more than 3ms )
4. Intermitent Breaks ----- This is the very silent feature of this firewall you won't find this , i indeed relealised this after 1 year when for some reason there was frequent break in the connectivity for one of project and i routed the same traffic from my Solaris NG AI 54 Firewall and it worked no breaks at all .
5. Stability ----- One of the main reason for bringing these firewall in cluster mode was to have redundancy , but belive me it's not that easy to run Nortel Cluster
Over All the support for Nortel is terrable ( GNTS ) and with Checkpoint as well ...
If any one thinking to buy any of these read it and yes for some ppl it might seems to be a joke , but for me its like life going misreable .  | 
Like a Nightmare to run NSF 6426 
2007-10-31 
Linear Mode
