abilities as more complicated needs and configurations are created, thus allowing a user to enjoy its use for a longer period of time (longer life span).

Central Management Capability (NetScreen Global Manager)

Cisco does not offer central management capabilities for their PIX systems currently. NetScreen will ship their NetScreen Global Manager in Sept 1999, which is capable of managing 1000+ NetScreen systems from a single console. This will be of enormous benefit to large distributed enterprises or ISPs looking for the most efficient way to offer their customers managed security services.

No upgrades or add-ons required

NetScreen10 comes complete with full, unlimited user firewall, IPSec VPN and QoS traffic management, all included and integrated for one price. There are no add-ons to configure later, or upgrade costs for growing users' needs. Optional NetScreen software subscription will enable all NetScreen users to upgrade their features regularly, as they are developed by NetScreen. NetScreen10 is designed to provide scalability for growing users' needs, as well as the capability to add new features over the life of ownership of the product = a good investment.

Comparison of NetScreen100 and Cisco Pix 525

Packet size | 64 200 500 1000 1400 | Testing Notes

Cisco Pix 525

Single Session, 5 Rules | 20 20 20 20 20
1:1 NAT (Uni) (pps) | | 100% Utilization 100Mb/Sec
(Mbps) | | Some large packet loss
2 Sessions, 5 Rules
1:1 NAT (Bidir) (pps) | 3996 | 100% Utilization 100Mb/Sec
(Mbps) | | 50% large packet loss
4000 Sessions, 50 Rules
1:1 NAT (Uni) (pps) | 58647 52159 24036 12253 | 100% Utilization 100Mb/Sec
(Mbps) | | Some large packet loss
1:1 NAT (Bidir) (pps) | | 100% Utilization 100Mb/Sec
(Mbps) | | 47% large packet loss

NetScreen100

Single Session, 5 Rules
1:1 NAT (Uni) (pps) | 56818 | 100% Utilization 100Mb/Sec
(Mbps) | | Zero Large Packet Loss
2 Sessions, 5 Rules
1:1 NAT (Bidir) (pps) | | 100% Utilization 200Mb/Sec
(Mbps) | | Bidirectional Performance
4000 Sessions, 50 Rules
1:1 NAT (Uni) (pps) | 70282 12255 | 100% Utilization 100Mb/Sec
(Mbps) | | Zero Large Packet Loss
1:1 NAT (Bidir) (pps) | 53898 | 100% Utilization 200Mb/Sec
(Mbps) | | Bidirectional Performance

Comparison of NetScreen100 and Cisco Pix 535

Packet size | 64 200 500 1000 1400 | Testing Notes
Maximum Possible Sessions | 74404 56818 24039 12255 8802

Cisco

Cisco PIX525 1:1 NAT
1 ACL UDP Sessions/Sec | 25138 24525 24038 12254 8802 | Unidirectional 100% total
Sessions Ramped/Total (%) | % % % % %
1 ACL UDP Sessions/Sec | 25635 28135 16272 6281 4404 | Bidirectional 200%
Sessions Ramped/Total (%) | % % % % 50%

NetScreen

Cisco PIX525 1:1 NAT
1 ACL UDP Sessions/Sec | 26688 27226 24039 12255 8802 | Unidirectional 100% total
Sessions Ramped/Total (%) | % % % % %
1 ACL UDP Sessions/Sec | 27947 29067 24021 12255 8802 | Bidirectional 200%
Sessions Ramped/Total (%) | % % % % %

Comparison of NetScreen500 and Cisco Pix 535

The NetScreen500: 25 times greater throughput than the Cisco PIX 535. Adding to the Cisco PIX 535's woes, the device does not support large frame segmentation.

The NetScreen500 exhibited VPN latency times of almost half those collected for Cisco.

Comparison of NetScreen1000 and Cisco Pix 535

Cisco's Claims

Positioning:
Designed for very large enterprise and service provider customers, the PIX 535 is a carrier-class firewall providing high levels of network security and reliability with aggregate throughput of 1 Gigabit per second (Gbps) and up to 500,000 concurrent connections. In addition, the PIX 535 is a purpose-built firewall appliance that offers an unprecedented level of protection.

Firewall:
Aggregate throughput of 1 Gigabit per second (Gbps) and up to 500,000 concurrent connections

VPN:
100Mbps 3DES throughput up to 2,000 tunnels

Hardware Options:
It supports up to 1 GB of RAM, eight Gigabit Ethernet or 10/100 Fast Ethernet interfaces, and a VPN Accelerator Card, redundant hot swappable power supply and the option to failover to a hot-standby, redundant PIX

Network World Claims

Positioning:
The PIX 535 is one of two firewalls we've tested that can truly handle these gigabit speeds.
NetScreen's NetScreen 1000 also handles this level of throughput.

Firewall:
* 2G bit/sec using four 1 Gigabit Ethernet NICs and 4 connections and large packet sizes
* Performance in real-life situations 400M bit/sec – mixed size packets with 2,000 connections through the firewall
* Connection establishment benchmarked at approximately 8,500 connections/sec

VPN:
* VPN Card (based on IRE's SafeNet DSP), benchmarked at speeds of 90M bit/sec using a fairly typical traffic mix and a small number of IP Security associations.
* VPN performance drops by as much as 30% in some tests where hard configuration was suboptimal. PIX535 is very sensitive to configuration and network engineering.

Hardware Configuration & Options:
Three PCI buses, two of which are 64 bits wide to accommodate the four Gigabit Ethernet interfaces Cisco expects you'll use to connect your PIX 535 to your network. The third PCI bus is a 32-bit bus, which can take four 10/100 Ethernet interfaces and a VPN accelerator card. Driving those buses is a 1GHz Intel processor

Positioning the NetScreen1000ES & NetScreen1000SP against the PIX 535

The NetScreen1000SP is not a competitor to the PIX 535; the NetScreen1000SP is in another category altogether from the PIX 535. The NetScreen1000SP supports 1 gigabit Firewall & VPN throughput, redundant power supplies & fans, DC power option and 100 virtual systems, allowing for deployment in the network core and whole of data center managed security services to be offered without placing individual firewalls in each customer cage.

The NetScreen1000ES is our product for competing in the single enterprise gigabit firewall mark