NOKIA AND NGX

Hi there,
   
  If you are looking at 500 site-to-site VPNs, I would
highly recommend that you go
  with Cisco VXR7206 router.  With Cisco devices, you can
terminate a lot of site-to-site
  VPNs.  Furthermore, if you have requirements to run
dynamic routing protocols over
  IPSec tunnel, Cisco is a better prefer choice than
Nokia/Checkpoint.  I currently have
  a customer running 450 site-to-site VPNs on a Cisco
VXR7206 router with IOS version
  12.3T.  The VXR7206 router is the hub device and it is
pushing about 250Mbps of 
  AES-256/SHA-1/DH2 traffics and it is also running OSPF via
GRE and encrypted with
  IPSec.  
   
  I think NGx supports Virtual Tunnel Interface which is
similar to cisco GRE but I've
  never used it so I can not comment on it.  Checkpoint is a
good product but I think
  with that many site-to-site VPNs, Cisco is a better
solution.  Notice that I didn't 
  recommend to use Cisco Pix/ASA either.  Generally
speaking, Firewall is not a high
  performance VPN product.  Neither Cisco Pix and Checkpoint
firewall can provide
  the VPN flexibility that Cisco router does.
   
  That's my 2c.
   
  cisco4ng

"Khan, Irfan" <irfan.khanFLSMIDTH.COM> wrote:
  We use a Nokia 350 with 600 users. It has 512 RAM. We are
using NG AI
55. I have heard NGX is more resource intensive and needs
around 1 GB
RAM for better and faster performance

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Alvaro
Gastambide
Sent: Friday, February 24, 2006 4:21 PM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] NOKIA AND NGX

Hi, i need a firewall to make 500 VPN site to site....

What nokia and check point do you recomend ? Thanks


Alvaro Gastambide

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================


		
---------------------------------
 Yahoo! Mail
 Use Photomail to share photos without annoying attachments.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

cisco4ng wrote:
> Hi there,
>    
>   If you are looking at 500 site-to-site VPNs, I would
highly recommend that you go
>   with Cisco VXR7206 router.  With Cisco devices, you
can terminate a lot of site-to-site
>   VPNs.  Furthermore, if you have requirements to run
dynamic routing protocols over
>   IPSec tunnel, Cisco is a better prefer choice than
Nokia/Checkpoint.  I currently have
>   a customer running 450 site-to-site VPNs on a Cisco
VXR7206 router with IOS version
>   12.3T.  The VXR7206 router is the hub device and it
is pushing about 250Mbps of 
>   AES-256/SHA-1/DH2 traffics and it is also running
OSPF via GRE and encrypted with
>   IPSec.  

72006vxr NPE-G1 dies at about 80-90Mbps of IPSEC with 3DES
encryption.

>    
>   I think NGx supports Virtual Tunnel Interface which
is similar to cisco GRE but I've
>   never used it so I can not comment on it.  Checkpoint
is a good product but I think
>   with that many site-to-site VPNs, Cisco is a better
solution.  Notice that I didn't 
>   recommend to use Cisco Pix/ASA either.  Generally
speaking, Firewall is not a high
>   performance VPN product.  Neither Cisco Pix and
Checkpoint firewall can provide
>   the VPN flexibility that Cisco router does.
>    

if you have a _lot_ of money to spend go with a nokia 1260
or 2200.
otherwise, buy a hp dl385, put splat on it, two cpus, 2GB of
ram,
activate performance pack and you're set to go.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================