How much more? The answer is to prototype and benchmark. But if you're approaching a hundred rule evaluations per packet, or plan to run proxies, network intrusion detection, heavy logging, or other such things, you will need more CPU power. ![]() If we're talking about the simplest possibility of a dozen rules with some state-keeping, the cheapest Core i5 will probably get the job done. The number of CPU cycles per packet will depend highly on your firewall rules. I have been a fan of the Intel PRO series NIC's for ages. That said, the first critical choice regards network interface cards. From that perspective, you should either purchase extremely reliable server-grade hardware with redundant and hot-swap wear parts - or build a pair of machines, and use a protocol like CARP to control failover between them. ![]() Remember first of all that a failure of your firewall will have an impact on your entire network. The first step is to check your firewall settings and make sure they are not too restrictive or conflicting with other programs.
0 Comments
Leave a Reply. |