T1 to Firewall with VPN. Help me understand better.
Ok I'm a little bit confused.
T1 is 1.54Mbps a sec. (Captial Mbps is what? MegaBits per sec?) So technically if I purchase a Firewall with 1.54Mbps max throughput it should handle a T1 connection fine. No?
So what I'm trying to figure out, is when do I need to go to a bigger firewall.
Example:
Client of mine has a firewall with max 150MBps, well if a T1 is 1.54, then 150 seems a lot. Why would they need to go up to say, 200, or 275MBps. Or why even 1.54Gbps, which I've seen on some high end ones.
Is there a way I can determine easliy?
Then there is the matter of VPN.
This client example has one main location with a T1, that firewall is only 150Mbps Max Througput and 40MBps for VPN. So I'm thinking, ok 150 Max for the T1, that's good, and all 8 locations can get 40Mpbs max. Of course now I'm think that adds up to 320Mbps, but they dont need all 40Mbps, if a T1 again is 1.54Mbps. So if all 8 locations are using the firewall evenly plus the main office tha's 17.11kbps each?
I'm just a bit confused.
So how do I properly determine what throughput a client needs if they are on a T1?
What would you recommend for 8 locations and a main office to be on VPN. All internet, email, domain login goes through main office out T1.
Even now the VPN site takes like 8min to logon to the domain, it's awful.
T1 is 1.54Mbps a sec. (Captial Mbps is what? MegaBits per sec?) So technically if I purchase a Firewall with 1.54Mbps max throughput it should handle a T1 connection fine. No?
So what I'm trying to figure out, is when do I need to go to a bigger firewall.
Example:
Client of mine has a firewall with max 150MBps, well if a T1 is 1.54, then 150 seems a lot. Why would they need to go up to say, 200, or 275MBps. Or why even 1.54Gbps, which I've seen on some high end ones.
Is there a way I can determine easliy?
Then there is the matter of VPN.
This client example has one main location with a T1, that firewall is only 150Mbps Max Througput and 40MBps for VPN. So I'm thinking, ok 150 Max for the T1, that's good, and all 8 locations can get 40Mpbs max. Of course now I'm think that adds up to 320Mbps, but they dont need all 40Mbps, if a T1 again is 1.54Mbps. So if all 8 locations are using the firewall evenly plus the main office tha's 17.11kbps each?
I'm just a bit confused.
So how do I properly determine what throughput a client needs if they are on a T1?
What would you recommend for 8 locations and a main office to be on VPN. All internet, email, domain login goes through main office out T1.
Even now the VPN site takes like 8min to logon to the domain, it's awful.
ASKER
So then..
A firewall witha max 150Mbps (40Mbps VPN) at a main location with a T1 connection, and say 9 remote sites with Cable/DSL connection wanting to use VPN for Internet and Network Filesharing.
Or your opinion would be or not be sufficent?
How should I properly figure out the proper Mbps I'm going to need at the main location?
Do I need to go up to a 250Mbps and 95Mbps VPN? I dont know.
I'll give you the points, lets just talk over this a little bit. I really would like to know if it's not adequte.
If they're being restricted by their connection and are looking at uping the speed to accomidate the over load, a better solution might be (for a windows enviro) is to put DCs into each branch office. This will elliviate the logon problem, and reduce the congestion over the links. It would also likely work out to be cheaper then getting faster lines in.
For filesharing a local file server with replication might be more beneficial aswell.
This can still be managed centrally at the main office.
The other question is how much traffic will there be? Will all the offices be trasmitting/receiving constatntly at the same time ?
For filesharing a local file server with replication might be more beneficial aswell.
This can still be managed centrally at the main office.
The other question is how much traffic will there be? Will all the offices be trasmitting/receiving constatntly at the same time ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are you still working on this? Can we be of any more assistance?
Can you close out this question?
Can you close out this question?
As an interested observer and subscriber to this thread, I believe lrmoore answered it quite thoroughly... Just an observation..
FE
FE
Another consideration, especially for larger companies is the use of DMZ's, or protected networks that are semi-publicly accessible. Perhaps a web server farm that needs high-speed access to back-end database servers. Even though they may have an egress port only capable of 1.5Mbps, the interaction between multiple LAN interfaces may require Gigabit capabilities through the firewall. (Yes, that is Megabits per second, not MegaBytes)
Take for argument example, the Cisco PIX series. Starting with the paperback book sized little 501, the tech specs say it will handle 60Mbps cleartext throughput, 7500 concurrent connections, and 4.5 Mbps throughput over VPN with 128-bit AES encryption. Quite impressive for a box designed for SOHO (Small Office, Home Office)<10 users. Licensing is in three modes -10, 50 or unlimited users. Limitation: no capability for DMZ interfaces. It has inside and outside only. No failover capability. Limited VPN connections (10)
Next, the big boy Enterprise version of the PIX line is the 535 with up to 1.7Gbps, 500,000 connections, 256-bit AES VPN throughput up to 425Mbps, and 2000 simultaneous VPN tunnels. When you need Multiple DMZ interfaces all at gigabit speed, this the workhorse.
Many firewalls try to combine the firewall functions with packet filtering, or AntiVirus, web content control, VPN, etc. The bottom line is to look for the features that you need, at the price point that you can afford.