(ASCEND) Re: Pipeline 130 firewall question

[Peter Lalor <plalor@infoasis.com>]

>From: "Allen Belletti" <abelletti@dmotorworks.com>
>
>I inherited a network environment which uses a Pipeline 130 to provide
>Internet connectivity via a full T1.  Until recently, the Pipeline was
>acting as both router and firewall, managed with Ascend SecureConnect
>Manager.  Due to severe performance problems with the Ascend firewall (which
>I'm told was not capable of supporting our level of traffic), I have moved
>the routing and firewall functions to a dedicated Unix box.  This resulted
>in a major decrease in ping times for all.

The P130 runs out of steam when firewalling and/or VPN is involved. 
It's fine with basic filters and routing. Ascend came out with the 
Pipeline 220 and the SuperPipes when more grunt is needed.

>My question is, how can I most completely disable processing within the
>Pipeline 130.  Currently, I have a "trusted" entry in the firewall for all
>possible connections, and every other firewall feature disabled.  Is this
>the best thing to do, or can I disable firewalling all together?

Remove the firewall from the connection profile and the Ethernet 
port. That way, the P130 will just route between Ether and T1 without 
examining the packets, and should be able to keep up. Also make sure 
that bridging is turned off unless you need it.
-- 

Peter Lalor           Infoasis
plalor@infoasis.com   http://www.infoasis.com/

"Where's my burrito?" -- Homer
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>