Dr. Teicher,

Which fine manual do you recommend for determining the exact impact of an
encrypted payload on load balancing devices :)

Thanks for answering the question.


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 28, 2000 11:07 PM
> To: Neil Buckley
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: Gigabit Firewalls (more information) -reply
>
>
> Neil,
>
> Read The Fine Manual (RTFM)  :)
>
>
>
>
>
>
>
> "Neil Buckley" <[EMAIL PROTECTED]>
> 02/28/00 07:54 PM
>
>
>         To:     <[EMAIL PROTECTED]>
>         cc:     <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>         Subject:        RE: Gigabit Firewalls (more information) -reply
>
>
> hmmm...
>
> I guess my disclaimer in my initial posting wasn't enough 8).  I was
> simply pointing out that netscreen had stated they offered or were going
> to offer a gigE solution.  I was not endorsing it as a solution, just as
> a possible vendor.
>
> I'm not sure I understand how encrypted packets bog down the foundry box
> as it wasn't suggested as an encryption/decryption device nor was it
> positioned as an access control point of any kind.  Is not an encrypted
> ethernet packet switched the same way an unencrypted ethernet packet is?
> I wasn't aware that the foundry or any other load balancer actually cared
> what was in the packet payload as long as it was destined for the virtual
> ip and utilizing the appropriate service.  Perhaps my assumption was
> incorrect.
>
> --Neil
>
> >
> > OK.. You want to go the NetScreen route, ok.. It is not like a Cisco,
> > Web Based administration..  The load balancing functionality is
> > rudimentary at best.  The Foundry offering is much better and is
> > designed for production networks that were implemented for availability
> > and not confidentiality.
> >
> > Encryption and all those other type of fancy words for surrounding the
> > packets out of the network bogs down both the Foundry box and the
> > NetScreen due to some problems with tuning the network and the packet
> > filters created and getting the packet filters to behave the way
> > you think they should.. :)
> >
> > /mark
> >
> >
> >
> >
> > "Neil Buckley" <[EMAIL PROTECTED]>
> > Sent by: [EMAIL PROTECTED]
> > 02/28/00 01:22 PM
> >
> >
> >         To:     <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> >         cc:
> >         Subject:        RE: Gigabit Firewalls (more information)
> >
> >
> > I believe Netscreen has an ASIC based solution with gigE capability, or
> > maybe it's coming soon.
> >
> > <Disclaimer>I'm not a netscreen admin and have no real-world experience
> > or affiliation with the company, I have read the sales literature and
> > seen a demo.</Disclaimer>
> >
> > It seemed to be a basic firewall with a solid no moving parts
> > design (IMO).
> >
> > Depending on budget an expensive option might be to setup a load
> > balancing sandwich with firewall(s) in the middle.  Utilize a load
> > balancing switch based architecture such as foundry's server iron (and
> > others) and start with 2 (insert fav. FW vendor here) firewalls scaling
> > wider as bandwidth requirements increase or until desired performance is
> > achieved.
> >
> > Or.....
> >
> > Run a good set of ACLs at your screening and choke points and spend
> > considerable time hardening all your server OS's.  In either
> > architecture hardening your servers depending on services should give
> > you a heightened security posture (YMMV).
> >
> > --Neil
> >
> > > -----Original Message-----
> > > From: Kevin Johnston [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, February 28, 2000 2:15 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: Gigabit Firewalls (more information)
> > >
> > >
> > > More information on gigabit firewall request:
> > >
> > > I am implementing a gigabit backbone with servers using gigabit NICs,
> > > transmitting 100-1000MB files at will over the network to/from
> > > workstations & servers.  I need the bandwidth for such high volume.  I
> > > am concerned that a software based solution will not be able to handle
> > > this kind of bandwidth.  Correct me if I am wrong in this assumption.
> > > I am currently considering ASIC technology.  But will consider any
> > > viable solution.  Thanks again for any input.
> > >
> > > - kevin
> > >
> > >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
> >
> >
>
>
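
Added example, not part of the thread and not any vendor's code: a sketch of how the two switches in the "load balancing sandwich" quoted above could pick a firewall per flow. It assumes (as an assumption of this example only) that selection uses L3/L4 header fields; the pool names, addresses and hash choice are constructed. It shows that a direction-independent key keeps both directions of a flow on the same stateful firewall, and that the payload bytes never enter the decision.

```python
import hashlib
from typing import NamedTuple

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int
    payload: bytes  # carried through untouched; never read by the selector

FIREWALLS = ["fw-a", "fw-b", "fw-c"]  # hypothetical pool between the two switches

def flow_key(pkt: Packet, symmetric: bool = True) -> bytes:
    """Header-only key. symmetric=True sorts the endpoints so A->B equals B->A."""
    ends = [(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)]
    if symmetric:
        ends.sort()
    return repr((ends, pkt.proto)).encode()

def pick_firewall(pkt: Packet, symmetric: bool = True, pool=FIREWALLS) -> str:
    """Run identically on the outside and inside switch."""
    digest = hashlib.sha256(flow_key(pkt, symmetric)).digest()
    return pool[int.from_bytes(digest[:4], "big") % len(pool)]

def reply_to(pkt: Packet, payload: bytes = b"") -> Packet:
    """Return-direction packet of the same flow (endpoints swapped)."""
    return Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port,
                  pkt.proto, payload)

def sample_flows(n: int = 200):
    """Constructed client flows to one virtual IP on TCP/443."""
    return [Packet("198.51.100.7", 40000 + i, "192.0.2.10", 443, 6, b"x")
            for i in range(n)]

def split_flows(symmetric: bool, n: int = 200) -> int:
    """Count flows whose request and reply land on different firewalls."""
    return sum(pick_firewall(p, symmetric) != pick_firewall(reply_to(p), symmetric)
               for p in sample_flows(n))

def payload_changes_choice(n: int = 200) -> bool:
    """True if swapping in opaque (ciphertext-like) payload moves any flow."""
    opaque = bytes(range(256))  # constructed stand-in for encrypted data
    return any(pick_firewall(p) != pick_firewall(p._replace(payload=opaque))
               for p in sample_flows(n))

if __name__ == "__main__":
    print("split flows, symmetric key:  ", split_flows(True))
    print("split flows, directional key:", split_flows(False))
    print("payload affects choice:      ", payload_changes_choice())
```

A non-zero count for the directional key is the failure mode to check for when sizing such a design: a stateful firewall that sees only one direction of a connection will drop it.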
