How does Firewall Client send traffic to Ext NIC?

How does Firewall Client send traffic to Ext NIC? (Full Version)

All Forums >> [ISA Server 2000 Firewall] >> Firewall Client

Message

shaferbus -> How does Firewall Client send traffic to Ext NIC? (7.Jan.2008 1:27:49 AM)
I'm running SBS2000, so I can't keep ISA Server on a machine separate from Exchange, DNS, etc. Therefore I need to keep a close eye on the processor loads of each application. Originally, we used our router to regulate Internet traffic on a per-machine basis. ISA Server (though running in Integrated Mode) was used primarily for web caching. Now our company has grown, and our Internet requirements are more complex. I need to regulate web access on a per-group basis, and I'm thinking that Firewall Client will be the way to go, but there's one thing I'm not quite clear on. If ISA and Firewall Client decide to allow access from the client machine to the external NIC, what kind of processor load is involved in movement of the actual content? I realize that using the Firewall portion of ISA Server to handle Internet access will increase network traffic through the server NIC's, the hardware in place should handle it easily. My worry is that I'll see a big spike in CPU usage, because I'm not really clear on how things happen at that level. Any opinions or experiences would be greatly appreciated!

AHIT -> RE: How does Firewall Client send traffic to Ext NIC? (8.Jan.2008 7:06:59 AM)
Aaaah.. the age old question... how long's a piece of string? The answer of course, is, it depends. Same here. How many users, what type of traffic/applications, how much traffic to transfer, what type of CPU and speed etc etc etc.. No need for answers to any of the above... 'cause it'd still be a guess. I run most of my ISA's in a corporate environment. Some are running on, now "old", Compaq kit with P3's at 766Mhz handling 50+ GB per month for a couple hundred users (albeit mostly web-proxy). CPU usage barely moves all day from an average 10-15% odd state. So, any "modern machine" would probably do it sitting on its ear with barely a CPU spike to be seen.

shaferbus -> RE: How does Firewall Client send traffic to Ext NIC? (8.Jan.2008 11:14:30 AM)
Thanks ahit! I understood how it works functionally, but didn't really have a grasp on whether the content itself just went NIC to NIC, with the processor just acting as traffic cop, or what LOL. Nothing like real world experience. Sounds like my Dell Poweredge server should be able to handle it without issue.[:D]

AHIT -> RE: How does Firewall Client send traffic to Ext NIC? (14.Jan.2008 8:13:01 PM)
yeah - a recent poweredge would do it standing on its ear. In fact if it could talk it would be somethig like Marvin the Paranoid Android (HitchHikers Guide) - "Here I am, brain the size of a planet and that's all you want me to do" (Paraphrased)

Page: [1]