I have an agent which sends syslog messages to a syslog server on a different zone through my PIX 535 FW. The number of events which my agent sends can reach up to 100 million events per day. My questions are:
1- If I configured NATing between these 2 zones, will there be any performance degradation on the PIX 535 FW? In other words, is there a certain limitation to the number of connections I can do NATing for in PIX?
2- Would there be any improvement if I configured regular routing (i.e. if I configured the "static" command to route the subnet and to do any translation, e.g. static (dmz1,dmz2) 10.10.10.10 10.10.10.10 net 255.255.255.255) over the regular NATing (NAT and Global)? Will this minimize the overhead on the PIX?
3- Would it make any difference if the translated connections were TCP or UDP (i.e. will the overhead be lower on my PIX if the traffic was UDP traffic)?
Thanks for your response... I know that theoretically the number is unlimited in terms of number of sessions and static translations the PIX can handle, but is it practically feasible to implement this or would it affect the performance of my PIX?
Point #2 is related to my question above, so if I used routing instead of NATing between the 2 zones that are communicating, will this offload some of the resource utilization as compared to NATing?
In summary, would you recommend me going ahead with doing static translation for hundred millions of connections per day?
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...