OK..
Here we go again.. Let's get this correct, in order to get the gigabit
cards to work under Solaris, one must apply certain hardware patches from
Sun to eliminate the errors one may get if one installs stock Solaris 2.6
or Solaris 7. For some of the bigger Sun hardware platforms, with the
gigabit ethernet cards, the stock installation does not have these patches
already included, but does have the 64-bit enhancements included..
Boy, while we are at it, does anybody want to talk about when NAI dropped the
BSDI platform, the install scripts on the Solaris platform did not work..
Hmm, maybe NAI QA rushed before double-checking to ensure that all the
scripts worked correctly..
I know when I was evaluating the NAI WebShield 300 E-ppliance, there were
several instances in the documentation that did not concur with the
platform that was shipped. Especially when dealing with the gigabit
ethernet cards.
I am so glad the real security cronies from Boston are posting.. Cheers to
both Craig and Wayne.. :)
/m
Wayne Schmidt <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/28/00 06:36 PM
Please respond to schmidtw
To: "Craig I. Hagan" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: Gigabit Firewalls -reply
"Craig I. Hagan" wrote:
>
> > Wrong answer.
> >
> > According to NAI support, Gauntlet 5.5 only supports the recommended
> > hardware as stated in their brochure and manuals.
> > Solaris is an operating system. Sun Solaris(tm) 2.6, Solaris 7, Solaris 8
> > do support gigabit ethernet..
>
> how very vendor of you ;)
>
> the fact is that gauntlet really doesn't care that much about what the os is
> doing with its socket calls, so one could run a firewall quite happily on
> solaris with gigabit cards. with that said, i'm not sure that the performance
> requirement would work with gauntlet (or most other firewall products) at
> anything approaching full gigabit speeds.
>
> are there any products out there that "don't suck(tm)" which support -- and
> deliver -- gigabit speeds without turning into pure packetfilters?
>
> -- craig
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
Nothing currently. Just cause you can stick the card into a system and
not have it panic don't mean you'll get "gig speeds".
But there's a bunch of things you could do to get there though, ranging
from injecting an NFR boxen with custom N code, to using ipfilter and
bwall or trex proxies as a hybrid on some hot fast Linux or BSD boxen.
( use the ipfilter rules to fast track TCP connections, and then defend
individual protocols with proxies. ).
Your mileage may vary.
--wayne -
--
+ Wayne K. Schmidt ..................................................... +
+ Security Engineer / Morgan Stanley Dean Witter & Co. Security Group .. +
+ Page: 1 888 647 5052 .. Work: 1 212 762 2701 .. Email: [EMAIL PROTECTED] +
+ ....................... "Quis Custodiet Ipsos Custodes?" .( Juvenal ). +