6

We have set up all the equipment necessary to have a gigabit network. All servers + workstations are running gigabit cards, just bought a 16 port switch that can handle gigabit as well. My concern is now that our firewall is not up to scratch. Our firewall is a Juniper Netscreen 5GT which is only 10/100 Mbit. If all of our computers are set up to be inside the "trusted zone" - can I still realize the gigabit potential without upgrading our firewall? My thinking is that all computers will talk to each other through the switch and shouldn't run into any trouble with the firewall - however I have read that a single 10/100 device brings down the whole network to a slower speed even if two computers talking are gigabit.

If not, does anyone recommend the next highest model in the Juniper line that can handle a gigabit output (all I would need is one port as our switch can handle the rest)?

Here is a handy diagram of our future setup. Green are all gigabit devices.

HopelessN00b
MikeMurko
    The SRX210, which runs JunOS and not ScreenOS, would be the next logical Juniper choice that has a few Gigabit ports. However, like ewwhite said below, your traffic is peer to peer and as such the firewall will not affect that communication. You should be fine as is. – SpacemanSpiff Jun 27 '11 at 19:19

2 Answers

7

Because you are using a gigabit switch (and not a hub) and otherwise all gigabit capable devices and cabling except the firewall, all your devices will communicate with each other at gigabit speeds.

Only traffic going to/from or through your firewall will be limited to 100 Mbps, and likely a lot lower if your internet connection is not 100 Mbps either. In short, if your internet connection is not running at a greater speed than 100 Mbps then you don't need to upgrade your firewall.

anthonysomerset
    +1 the _old_ "a single slow device will limit everything" meme was true for shared-medium networks, like hubs or coax, never for switched networks. – Javier Jun 28 '11 at 03:46
6

In this situation, you won't need to upgrade your firewall. You're correct in that your devices will communicate with each other via the gigE switch. The presence of the 10/100 device won't have an adverse effect on your network.

ewwhite
  • Thank you to SpacemanSpiff and ewwhite. I did a bit of reading on our new switch and in their examples they also have a 10/100 firewall, so that falls in line. Thank god - don't have to rewrite all our network rules! – MikeMurko Jun 27 '11 at 19:34