OK.. You want to go the NetScreen route, ok.. It is not like a Cisco, Web
Based administration.. The load balancing functionality is rudimentary at
best. The Foundry offering is much better and is designed for production
networks that were implemented for availability and not confidentiality.
Encryption and all those other type of fancy words for surrounding the
packets out of the network bogs down both the Foundry box and the
NetScreen due to some problems with tuning the network and the packet
filters created and getting the packet filters to behave the way you think
they should.. :)
/mark
"Neil Buckley" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/28/00 01:22 PM
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc:
Subject: RE: Gigabit Firewalls (more information)
I believe NetScreen has an ASIC based solution with gigE capability, or
maybe it's coming soon.
<Disclaimer>I'm not a NetScreen admin and have no real-world experience or
affiliation with the company; I have read the sales literature and seen a
demo.</Disclaimer>
It seemed to be a basic firewall with a solid no-moving-parts design (IMO).
Depending on budget, an expensive option might be to set up a load balancing
sandwich with firewall(s) in the middle. Utilize a load balancing switch
based architecture such as Foundry's ServerIron (and others) and start with
2 (insert fav. FW vendor here) firewalls, scaling wider as bandwidth
requirements increase or until desired performance is achieved.
Or.....
Run a good set of ACLs at your screening and choke points and spend
considerable time hardening all your server OSes. In either architecture,
hardening your servers depending on services should give you a heightened
security posture (YMMV).
--Neil
> -----Original Message-----
> From: Kevin Johnston [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 28, 2000 2:15 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Gigabit Firewalls (more information)
>
>
> More information on gigabit firewall request:
>
> I am implementing a gigabit backbone with servers using gigabit NICs,
> transmitting 100-1000MB files at will over the network to/from
> workstations & servers. I need the bandwidth for such high volume. I
> am concerned that a software based solution will not be able to handle
> this kind of bandwidth. Correct me if I am wrong in this assumption. I
> am currently considering ASIC technology. But will consider any viable
> solution. Thanks again for any input.
>
> - kevin
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]