4 Replies Latest reply: Feb 13, 2013 2:28 PM by grinder RSS

    S2008 Capabilities?

    grinder

      I would like some input on the capabilities of the S2008 MFE v8.3.0  The current plan is to have our internal network attached to EM1.  EM1 will have multiple IP's to account for our multiple subnets.  Our Subnets would be something like this example:

       

              Subnet                              Firewall Interface IP                    Description

      192.168.0.0/24                             192.168.0.1                             Administration (Switches, etc.)

      192.168.0.1/24                             192.168.0.2                             Servers

      192.168.0.2/24                             192.168.0.3                             Business Computers

      192.168.0.3/24                             192.168.0.4                             Printers & Scanners

      192.168.0.4/24                             192.168.0.5                             Test Equipment

      192.168.0.5/24                             192.168.0.6                             WLAN

      192.168.0.6/24                             192.168.0.7                             Video Cameras

      192.168.0.7/24                             192.168.0.8                             Future Use

       

      Currently the network only has a few L2 "dumb" switches.  I have figured out how to do packet forwarding between the different subnets on EM1 via the firewall, thanks to a lot of help here.  But I am concerned about if the firewall can handle that much traffic on the interface.  Basically all traffic will arrive at EM1 and then be routed to the appropriate subnet or out to the WAN.  So anytime a business computer needs to access a server or printer it would do so through the firewall interface instead of directly through the switches.  The immediate benefit I see to this is being able to scan data going to the servers for viruses etc.  Can anyone tell me if the firewall can handle this traffic load or will it slow down everything?  What would be the best recommendation?

        • 1. Re: S2008 Capabilities?
          mtuma

          Hello,

           

          The main thing that I think you should be concerned with is not how many subnets there are, but instead how many clients and how much traffic they pass. As you mention, virus scanning is also an option, but will cause more load on the firewall.

           

          Here is a link to a document that shows the recommended number of users that you should have for a S2008 (300 users). It is not to say that it cannot handle more than that. Please also take a look at the "Performance" section of that page.

           

          Finally, I recommend that you contact sales as they are going to be able to help you size the correct appliance for your network.

           

          -Matt

          • 2. Re: S2008 Capabilities?
            grinder

            I do not see the link in your post that you refer to.  Our office is only about 35 people at the moment but will be growing.  I do not see us getting to 300 users or even close to that anytime in the foreseeable future.  My biggest concern was all of the traffic and routing happening on a single interface port.  Is that too much traffic for a single port to handle or do we need to buy routers and all that?

            • 3. Re: S2008 Capabilities?
              mtuma

              For some reason it seems like my link was removed, I'll try it again:

               

              http://www.mcafee.com/us/products/firewall-enterprise.aspx#vt=vtab-Requirements

               

              I think that the port should be just fine with only 35 users. They are gigabit interfaces, do you know what speed your switches are?

               

               

              -Matt

              • 4. Re: S2008 Capabilities?
                grinder

                Thanks for the link.  All of the switches are 1Gb.