I do not run a DEC SEAL gateway, so I don't know any specifics. The
original poster's statement is probably true for his environment.
However, one of my Internet accounts does go through a DEC SEAL
gateway, and I routinely experience abysmal performance telnetting
through the DEC SEAL telnet proxy server to hosts on the other side of
This could be a problem with the internet feed on the other side of
the firewall, or it could be the firewall itself. I have no way of
isolating these factors, since I don't run the gateway. My gut
feeling is that the bastion host is having scheduler problems, but
that's not an objective evaluation.
If you want a real answer to this question, you'll have to get a SEAL
box in, hook some machines up on either side of it, and actually
measure performance through the firewall given loads similar to what
you're expecting to have. I have never seen benchmarks like this for
any commercial firewall. I'd be very interested to.
The thing that most surprised me was the apparent claim that the
firewall had no performance limitations. This can't be true - if
nothing else, there are absolute limits on the performance of the
system bus. Long before those limits are hit, I would expect to see
problems with the I/O and CPU scheduling algorithms used in OSF/1 (or
Ultrix, for that matter). What may be true is that the performance
limits are greater than the bandwidth of the connection(s) on the
other side. I could be convinced of this (indeed, I believe this is
true for the filtering router), but I haven't seen any evidence yet.
Ted Lemon Wells Fargo Bank, Information Protection Division
com +1 415 477 5045