I've been having trouble finding reliable information about scalable,
high-availability firewalls and was hoping some people here may be able
to give me some direction.
First, some base requirements:
- The firewall will be protecting an externally hosted web service we're
developing. High security and high reliability are essential.
- The traffic passing through the firewall will be 95% inbound SSL3
encrypted web traffic. The remainder would be outbound DNS queries and
SMTP traffic, and a small amount of inbound management traffic (VPN or
SSH).
- The system must be able to accommodate T3 levels of traffic (45Mbps).
- The system must have redundancy/failover capabilities.
- The system should provide good logging & auditing capabilities.
Before the bandwidth requirements had come into play, we had narrowed down
the choices to Gauntlet or Firewall-1 running on 2 Sun 250 servers. There
is some concern, however, as to whether this would be able to handle the
bandwidth requirements.
The alternatives are looking at other firewall solutions that have higher
(perceived) performance such as PIX or ANS, or possibly using a load
balancing system in front of the firewalls. One vendor has also suggested
using a Sun cluster solution.
I'm a little leery of all of these options since I'm not as knowledgeable
about the other firewall products and the other options increase the
complexity of the system. I was also hoping to be able to standardize on
one firewall product, since we'll also need a firewall (supporting much
more general purpose traffic) in front of our business network.
Has anyone had experience running a similar configuration that can give
some pointers as to what the best options are? Or are there better
options that we're overlooking?
Thanks very much in advance.
Scott Miles
[EMAIL PROTECTED]