performance on UTM1 270



ikoika
2009-03-24, 17:25
Hi

I need to change my firewall with Internet access 10Mb in and out. We have 80 users, don't want to use Antivirus, and URL filtering on http/ftp. I'm a little worried about throughput (400Mbit/s) on 270 between 1,6Gbit/s on 570. Does anyone have information about performance on UTM1 270?

regards

chillyjim
2009-03-24, 20:21
If you're not using URLF & AV, then a 270 should be fine.

Roluf
2009-05-02, 12:15
Hi

We have tested 270 and 570 for a customer. Both machines are built upon the same HW platform:
- motherboard with notebook chipset
- CPU: Celeron-M 1,5GHz
- 1GB RAM (DDR2-533, but runs with FSB 400)
- 160GB WD SATA2 harddisk (special server edition)
- 4*1GB NICs (UTM-1 270) or 6*1GB NICs (UTM-1 570)
Hint: on UTM-1 570 the first 4 NICs are linked via PCIexpress to CPU,
the other two use 32Bit-PCI only.

We built a test environment with two "internal" networks, an "internet"
and two firewalls (one SPLAT VPN-Cluster on HP DL380) and one UTM-1.
Inside the "internal" networks there were two other DL380 as traffic generators.

Our tests had the focus only on speed, therefore we only had activated
the FW and VPN modules (now called "blades" :-). As test software we
used "iperf" on Linux (we tried tcp and udp setups).

Result:
Both boxes have really equal performance characteristics. In case you
test with two NICs you can get a max. throughput of 300Mbps (FW) or
75Mbps (VPN). After these limits the platform becomes overloaded and
drops packets.

In case you have only a 10Mbps link, you can use a 270. But be careful
with the power a content filter will use.

with regards
Roluf

PS: I don't know how CP does get its specs!

chillyjim
2009-05-03, 08:11
PS: I don't know how CP does get its specs!

Start here...
1. RFC 3511: Benchmarking Methodology for Firewall Performance.
http://www.ietf.org/rfc/rfc3511.txt?number=3511
2. RFC 2647: Benchmarking Terminology for Firewall Performance
http://www.ietf.org/rfc/rfc2647.txt?number=2647
3. RFC 2544: Benchmarking Methodology for Network Interconnect Devices
http://www.ietf.org/rfc/rfc2544.txt?number=2544
4. RFC 1242: Benchmarking terminology for network interconnection devices
http://www.ietf.org/rfc/rfc1242.txt?number=1242
5. Spirent communication (http://www.spirentcom.com)
6. NSS Labs (http://www.nss.co.uk/)

Basically the same way as everyone else does

Thorpuse
2009-05-03, 09:05
The testing labs listed there don't reference testing done for these devices. I think it's a fair call to ask the parameters that CP's numbers are based on, and if these numbers are quoted, then there should be some sort of repeatable test scenario for it. If such a thing exists, I would suggest this is a better response to the challenge put forward. Does CP have a testing report that is compliant with rfc3511 that it can present to disprove the numbers listed below?

I'm particularly concerned about the claim that the performance numbers for 270 and 570 are the same.
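
One way to reduce a series of iperf UDP runs, like the ones described in the test report above, to a single zero-loss figure in the sense of the RFC 2544 throughput definition linked in the thread. This is an added example, not code from any poster: the report lines are constructed, the function names are hypothetical, and the iperf 2 UDP server report layout is assumed.

```python
import re

# Assumed iperf 2 UDP server report layout, e.g.
# [  3]  0.0-10.0 sec   357 MBytes   300 Mbits/sec   0.052 ms    0/255103 (0%)
REPORT = re.compile(
    r"([\d.]+)\s+([KMG]?)bits/sec\s+([\d.]+)\s+ms\s+(\d+)/\s*(\d+)\s+\(")
SCALE = {"": 1e-6, "K": 1e-3, "M": 1.0, "G": 1e3}  # unit prefix -> Mbit/s

# Constructed sample: offered load in Mbit/s -> server report line.
# Invented numbers for illustration, not measurements from the thread.
SAMPLE_RUNS = {
    100: "[  3]  0.0-10.0 sec   119 MBytes   100 Mbits/sec   0.021 ms    0/85035 (0%)",
    200: "[  3]  0.0-10.0 sec   238 MBytes   200 Mbits/sec   0.034 ms    0/170069 (0%)",
    300: "[  3]  0.0-10.0 sec   357 MBytes   300 Mbits/sec   0.052 ms    0/255103 (0%)",
    350: "[  3]  0.0-10.0 sec   366 MBytes   307 Mbits/sec   0.240 ms 36530/297620 (12%)",
    400: "[  3]  0.0-10.0 sec   364 MBytes   305 Mbits/sec   0.310 ms 80240/340137 (24%)",
}


def parse_report(line):
    """Extract received rate, jitter and datagram loss from one report line."""
    m = REPORT.search(line)
    if m is None:
        raise ValueError("not an iperf UDP server report: %r" % line)
    rate, unit, jitter, lost, total = m.groups()
    return {"mbps": float(rate) * SCALE[unit], "jitter_ms": float(jitter),
            "lost": int(lost), "total": int(total)}


def zero_loss_throughput(runs):
    """Return (highest offered load with no loss, first offered load with loss).

    Loads are walked in ascending order and the search stops at the first
    lossy run, so a lucky clean run above the overload point is not counted.
    """
    best = None
    for offered in sorted(runs):
        if parse_report(runs[offered])["lost"] > 0:
            return best, offered
        best = offered
    return best, None


if __name__ == "__main__":
    clean, overloaded = zero_loss_throughput(SAMPLE_RUNS)
    print("zero-loss up to %s Mbit/s, loss from %s Mbit/s" % (clean, overloaded))
```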