12-18-2011 11:36 AM
Just wondering what you guys think the max number of users you could put behind one of these? Normal workflow. Teachers and students. Just normal web surfing and email. Its licensed unlimited of course. Thanks
12-18-2011 08:41 PM
The classic answer is it depends... what are they doing, streaming video, voice, peer to peer, etc.
Limits are the actual bandwidth throughput and the number of sessions on the device.
Having said all that, I wouldn't want to put more than 20-30 normal users behind one personally. But if they're very light users (i.e. you restrict them down to what they can do!) you might get away with more.
12-18-2011 09:38 PM
Wow! I would have guessed at least 75. They are definitely very light users. No streaming, voice, p2p. Just surfing and email. What does it mean when they say 2000 concurrent sessions? Ive looked and looked and cant find a definitive answer to that. Thanks
12-18-2011 09:44 PM - edited 12-18-2011 09:54 PM
12-18-2011 11:25 PM
A session is any conversation happening between the zones on the firewall.
So, if you go to a dos prompt now and type
netstat -an |find /i "established"
You can see how many TCP sessions you currently have established - look for any that have a public source or destination and you will see how many would traverse the firewall. Bare in mind opening a webpage these days will generate lots of sessions, as images/adverts etc are all loaded separately.
So opening a graphic heavy page could generate 10 sessions (briefly). But the devices are well and truely end of lifed - see bellow
PSN Issue : This document announces the End of Life (EOL) for the NetScreen-5GT (NS-5GT) products. The EOL announcement for these products is effective 30-June-2008 with a last order date of 31-December-2008. Effective 1-January-2009, the above products will be removed from the price list and will no longer be orderable.
The new range of replacement firewalls, the SRX's, are several orders of magnitude more powerful...
Hope that helps!
12-19-2011 07:52 AM
Thanks for all the input. If I was going to look at the srx series. What would be best version for 100 users? Could I get away with the srx100? The client is a school and very short on funds so I am trying to do this as cheaply as possible. Thanks
12-20-2011 11:57 PM
Again, it depends how much "stuff" they are doing, but this might help
I expect the SRX100B would suffice if they are minimal users, like you suggest, and you're not doing much else. You can always upgrade to H version with a licence if you find you start running into session limits (just keep an eye on your logs, or setup alerts). If you want to use all the UTM features (webfiltering, anti-spam, anti-virus etc) you need the high memory version.
The SRX100B is actually the same physical hardware as the SRX100H, but you need to use a licence to activate the additional memory.
I hope that helps, and let me know if you have any problems with the deployment or would like to know anything about the other features.