hmmm...
I guess my disclaimer in my initial posting wasn't enough 8). I was simply
pointing out that NetScreen had stated they offered or were going to offer a
gigE solution. I was not endorsing it as a solution, just as a possible
vendor.
I'm not sure I understand how encrypted packets bog down the Foundry box as
it wasn't suggested as an encryption/decryption device nor was it positioned
as an access control point of any kind. Is not an encrypted ethernet packet
switched the same way an unencrypted ethernet packet is? I wasn't aware
that the Foundry or any other load balancer actually cared what was in the
packet payload as long as it was destined for the virtual IP and utilizing
the appropriate service. Perhaps my assumption was incorrect.
--Neil
>
> OK.. You want to go the NetScreen route, ok.. It is not like a Cisco, Web
> Based administration.. The load balancing functionality is rudimentary at
> best. The Foundry offering is much better and is designed for production
> networks that were implemented for availability and not confidentiality.
>
> Encryption and all those other type of fancy words for surrounding the
> packets out of the network bogs down both the Foundry box and the
> NetScreen due to some problems with tuning the network and the packet
> filters created and getting the packet filters to behave the way you think
> they should.. :)
>
> /mark
>
>
>
>
> "Neil Buckley" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 02/28/00 01:22 PM
>
>
> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> cc:
> Subject: RE: Gigabit Firewalls (more information)
>
>
> I believe NetScreen has an ASIC based solution with gigE capability, or
> maybe it's coming soon.
>
> <Disclaimer>I'm not a NetScreen admin and have no real-world experience or
> affiliation with the company; I have read the sales literature and seen a
> demo.</Disclaimer>
>
> It seemed to be a basic firewall with a solid no moving parts design (IMO).
>
> Depending on budget an expensive option might be to set up a load balancing
> sandwich with firewall(s) in the middle. Utilize a load balancing switch
> based architecture such as Foundry's ServerIron (and others) and start with
> 2 (insert fav. FW vendor here) firewalls scaling wider as bandwidth
> requirements increase or until desired performance is achieved.
>
> Or.....
>
> Run a good set of ACLs at your screening and choke points and spend
> considerable time hardening all your server OS's. In either architecture
> hardening your servers depending on services should give you a heightened
> security posture (YMMV).
>
> --Neil
>
> > -----Original Message-----
> > From: Kevin Johnston [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, February 28, 2000 2:15 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Gigabit Firewalls (more information)
> >
> >
> > More information on gigabit firewall request:
> >
> > I am implementing a gigabit backbone with servers using gigabit NICs,
> > transmitting 100-1000MB files at will over the network to/from
> > workstations & servers. I need the bandwidth for such high volume. I
> > am concerned that a software based solution will not be able to handle
> > this kind of bandwidth. Correct me if I am wrong in this assumption. I
> > am currently considering ASIC technology. But will consider any viable
> > solution. Thanks again for any input.
> >
> > - kevin
> >
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]