When it comes to firewalls, you must also think about the security you are
looking for. There are four basic different types of firewalls:

packet filters
stateful inspection
proxy
application gateways

Packet filters are often very fast (could even be just a router with
firewall software). For example a basic Cisco PIX.
Stat.. like FW-1 offer more security, but are not as fast.
Proxy are slower than stat... but offer even more security.
App... are the slowest, but most secure.

Most stateful, proxy and application are software based. This gives you
the problem (pleasure) of having to pick an OS.
The load problem is not really a problem nowadays. For example, a very
heavily configured application gateway (for example Gauntlet) will check
every packet for possible non-allowed commands. If you have a machine
(for example, a medium Sun Ultra XX) with 100Mb interfaces, and only a 2Mb
pipe to the internet, then the OS and the firewall will have no problem in
handling the load. The bottleneck will be elsewhere.

Choosing a firewall is almost religious.
Hardware vs Software
NT vs UNIX
packet or stateful vs proxy or application

You must also consider some other things: will you have a webserver,
mailserver, DNS, and so on accessible from the internet? Will you have a
DMZ for some of your servers? Will you have different rules for different
people (for example, only administrator is allowed to surf to warez sites)?

IMHO (stressing the H) I say go for maximum security!
and that is IMHO (stressing the H again) Gauntlet 5.5 on Solaris 2.6 and
at least Sun Ultra Sparc Station 10.

But, keep in mind what I said. Firewalls are a bit of a religion. And I prefer
having the control of the OS (no hardware solutions for me), or NT for
the same reason. I also like having maximum control of what's passing the
firewall, for that reason I go for an application gateway.


Hope that helps you.

Lars Kronfält

(The letter contains only my personal opinion, and should not be mixed
with the opinion of the company I'm working for)

On Fri, 5 Nov 1999, Ashley Culver wrote:

> Hi,
> 
> Apologies in advance if this isn't the kind of email that should be used on
> this Mailing List as I imagine you might get a few of these (and might be a
> bit tired of them!)
> 
> I'm just starting a feasibility study on implementing a firewall for our
> site. I have become aware that there are a large number of firewall products
> out there and I would like to draw up a shortlist of products to examine
> more closely which best suit our needs.
> 
> I am specifically looking for firewalls which would handle a load of approx.
> 500 - 1000 computers (Enterprise Level?) - some of which would access the
> 'outside world' fairly often (email, web etc.)
> 
> Could anyone suggest (or point me in the right direction) any products which
> would handle that kind of load comfortably so I can look at them more
> closely. Or any products which would fail under such a situation but pretend
> otherwise.
> 
> I have spent some time examining some products which sound great but then
> read elsewhere that they are only suitable for small offices...
> 
> Thanks in advance,
> 
> Ashley Culver
> Cambridge
> UK
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
