I know that Raptor watches an SSL connection to make sure that it actually
does an SSL handshake, and if it doesn't the connection is terminated.
After the initial handshake is done it doesn't do anything more than to
pass the data stream (this feature was added in 6.5).

David Lang

On Tue, 3 Jul 2001, Marcus J. Ranum wrote:

> Date: Tue, 03 Jul 2001 13:26:15 -0400
> From: Marcus J. Ranum <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Performance testing
>
> Johnston Mark <[EMAIL PROTECTED]> wrote:
> >I have an appliance firewall which I would like to do some load testing
> >against. I'm planning to host web sites and I need to know if the FW is
> >going to handle all the connections. I have a rough idea of what amount of
> >hits I expect per domain per month.
> >
> >a)    What is a good way to approach this type of project
> >b)    Is there software etc to do this or some scripts that I can run on a
> >unix box
>
>
> There are some old documents and scripts on:
> http://web.ranum.com/pubs/fwperf/index.htm
> describing some thinking me and a few friends did on firewall performance
> testing in the "old days" of firewalls.
>
> I suspect with a "modern" firewall the differences in performance will be even
> more interesting. For example, does the firewall just look at SSL ("oh,
> look. SSL. I can't do anything with that, let me open a rule and pass all
> packets.") or does it try to parse anything and/or record stuff? So if you
> want to test you'll need valid traffic not just a bunch of random frames from
> a smartbits... Expect your mileage to vary wildly and remember that faster is
> not more secure. In fact speed and security have no relationship whatsoever...*
>
> mjr.
> (* Before someone argues "slower is probably more secure" consider the
> case of a packet filter with a delay loop to make it look "more secure")  ;)
> ---
> Marcus J. Ranum     Chief Technology Officer, NFR Security Inc.
> Work:  http://www.nfr.com
> Play: http://www.ranum.com
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>