Screen OS

  • 1.  sizing up a firewall requirement

    Posted 02-11-2011 02:46

    I am hosting a Linux webserver and we need to replace our firewall, which is open source.  I am looking at the SSG550M but am not sure if this model fits the requirement.  The number of connections to this webserver at a time is 13,000, looking via netstat.  The SSG550M can accommodate 250k sessions.

    Usually I compute the number of sessions by multiplying the number of users by 5 (average sessions per connection on a user browsing the internet). However, in this case, it's the incoming connections to the webserver, so I'm not sure if this applies.  Feel free to correct me if my assumptions are incorrect.

    Thank you



  • 2.  RE: sizing up a firewall requirement
    Best Answer

    Posted 02-11-2011 16:17

    In firewall terms, "a session is a session."

    A session comprises a connection between two endpoints.  Usually the word "session" refers to TCP since it's a connection-based protocol.  However, firewalls also create sessions for UDP and ICMP traffic (and others... just an example) so that they can build a state table and permit bi-directional traffic without having to create explicit bi-directional rules.

    When sizing a firewall, look not only at the total sessions, but also the new sessions per second rate (also known as the ramp-up rate).  That number will determine how fast the firewall can accept new connections into your network.

    The SSG550 is a good machine built on the venerable ScreenOS.  It can also be converted to Junos, if you're really adventurous.  Personally -- I'd leave it on ScreenOS.

    If your webserver shows an average of 13,000 connections at any given time, I might say the 550M could even be overkill, but that's going to depend also on your bandwidth needs.
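
Added example, not part of the original thread: one way to turn the two sizing figures discussed above (concurrent sessions and new sessions per second) into numbers, by diffing two `netstat -tun`-style snapshots taken a known interval apart. The snapshot text, addresses and function names are constructed for illustration; host socket states only approximate a firewall's own state table, and connections that open and close between the two samples are not counted.

```python
# Added example: estimate firewall session-table load from two netstat snapshots.
# The sample output below is constructed for illustration.

SNAP_T0 = """\
tcp        0      0 0.0.0.0:80          0.0.0.0:*           LISTEN
tcp        0      0 203.0.113.10:80     198.51.100.7:51512  ESTABLISHED
tcp        0      0 203.0.113.10:80     198.51.100.8:40022  ESTABLISHED
tcp        0      0 203.0.113.10:80     198.51.100.9:33100  TIME_WAIT
udp        0      0 203.0.113.10:53211  192.0.2.53:53
"""

SNAP_T1 = """\
tcp        0      0 0.0.0.0:80          0.0.0.0:*           LISTEN
tcp        0      0 203.0.113.10:80     198.51.100.7:51512  ESTABLISHED
tcp        0      0 203.0.113.10:80     198.51.100.20:50001 ESTABLISHED
tcp        0      0 203.0.113.10:80     198.51.100.21:50002 SYN_RECV
tcp        0      0 203.0.113.10:80     198.51.100.22:50003 ESTABLISHED
udp        0      0 203.0.113.10:53211  192.0.2.53:53
"""

def parse_sessions(netstat_text):
    """Return the set of (proto, local, remote) flows that have a peer endpoint."""
    flows = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        proto, local, remote = fields[0], fields[3], fields[4]
        state = fields[5] if len(fields) > 5 else ""
        # Listening sockets and unconnected UDP sockets have no peer, so no session.
        if state == "LISTEN" or remote.endswith(":*"):
            continue
        flows.add((proto, local, remote))
    return flows

def size_firewall(snap_a, snap_b, interval_s, max_sessions):
    a, b = parse_sessions(snap_a), parse_sessions(snap_b)
    new_flows = b - a  # flows present now that were absent interval_s seconds ago
    return {
        "concurrent": len(b),
        "new_per_sec": len(new_flows) / interval_s,
        "table_use_pct": 100.0 * len(b) / max_sessions,
    }

if __name__ == "__main__":
    print(size_firewall(SNAP_T0, SNAP_T1, interval_s=2, max_sessions=250_000))
```

Sampling at the busiest time of day and comparing `new_per_sec` against the firewall's rated ramp-up rate gives the second half of the sizing check, alongside the session-table percentage.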



  • 3.  RE: sizing up a firewall requirement

    Posted 02-12-2011 08:12

    Hi Keith,

    Thank you for replying. I'll go with the 550M then since the site being hosted is expected to grow soon and more servers will be added.