
Hardware Firewalls and RAM

Monkeydrye Registered User regular
edited January 2007 in Games and Technology
We are looking at getting a new Hardware Firewall at work. My boss noticed that one of the choices (SonicWall) can't have its RAM increased past 512MB. Now, our current firewall has 128, and still runs fine. So I don't see why we would need more.

My question is: What do firewalls use the built-in RAM for? I would suspect that it has to do with how much info it is processing. The more data, the more RAM used. I just want to be able to tell my boss "Yes we may need more RAM" or "That is more than we will ever need".

So, can you guys help me out?


Posts

  • Masa Registered User regular
    edited January 2007
    It really all depends on the size and traffic of your network.

    You are correct: the more RAM, the faster it will route and therefore improve connection speed.
    Upgrades are always the better way to go, especially if you expect your network to grow.

    Does your business host any web services?
    How many customers would be using it?
    And how many computers and subnets would be behind the firewall?

    512mb seems reasonable.
    I don't believe that that is at all high end or overboard.

    I think we are running a pair of 512MB Watchguard Fireboxes where I work.
    But we host multiple websites, provide internet for our building, and a mail server.

    I'm no expert however.
    I wish I could help more.

  • Monkeydrye Registered User regular
    edited January 2007
    Thanks for the info. You confirmed what I thought. We only have internet and Mail for 60 people. Our Website is off site.

    Anyone else out there?

  • darkgrue Registered User regular
    edited January 2007
    Most hardware firewalls will handle pretty considerable amounts of traffic (even older models you can get off eBay for cheap). Few can defend against a botnet DoS - I wouldn't consider that a purchasing decision though. If you get DoS'ed, you're going to run out of bandwidth, or your servers are going to roll over and die. The only real defense is either upstream filtering (good luck with that), or throw heinous amounts of money at bandwidth, heavy servers, and diverse connections. So, don't factor in DoS resiliency in your purchase decision (and be VERY skeptical if a vendor claims it).

    The thing that consumes the most RAM in a firewall is VPN connections. The state tables that hold connection information are really quite small (and usually a hardcoded size). Firewalls with massive amounts of RAM are usually hybrid affairs that can also act as VPN concentrators. Another RAM hog on firewalls are application-layer firewalls, which consume RAM when instancing a state machine to validate a data stream. Most firewalls today aren't application-layer now though (they're hybrid, or use partial state machines. Application-layer stuff is touchy, has bad performance, and doesn't work well with pretty much everything, because pretty much everything doesn't run to spec).

    SonicWall's a pretty good firewall-in-a-box, and they have a pretty broad product selection. Appliance-based firewalls (like SonicWall) have a big advantage in that you just configure it and go. There's no fiddling about with the software or the underlying OS. So, the RAM size is kinda apples and oranges when compared to your usual server RAM sizing (where you usually want GB instead of MB).

    The downside is that you pay yearly maintenance contracts (which usually must be contiguous - most companies will charge you a reinstatement fee to restart the contract, in addition to the yearly fee), in order to get support and firmware updates. Which, if I think about it, isn't really different than the situation with software firewalls like Checkpoint... Those contracts (in both cases) aren't real cheap (which is why I've let them lapse on my firewall at home). Factor in the price of maintenance contracts, and whether you have to keep that contract running every year.

    A good reseller should be able to help you with sizing questions for your particular network (assuming you have a pretty good handle on your site stats). I use a SonicWall SOHO 2 for my servers, which is practically an antique. It's pretty nice, handles my traffic just fine (but I'm a small site).
