On Thursday, 01/15/2004 at 03:43 EST, "Post, Mark K" <[EMAIL PROTECTED]> wrote:
> As Chris pointed out, the product was Stonegate. I want to add to Adam's
> reply a little. If you anticipate a _lot_ of network traffic, and perhaps a
> complex iptables ruleset, then running the firewall on the mainframe would
> likely be a bad idea. Firewalls get very CPU intensive under high traffic,
> much to my own disappointment.

Let me also add that Stonegate uses a customized [Debian] kernel without the overhead incurred by iptables. It is much more efficient than iptables, and, from memory, it is certified to be able to act as a multi-domain firewall, reducing the number of firewalls required.

The concept of a firewall between *each* Linux image is, in my mind, overkill. That's equivalent to putting every server on its own LAN segment. If they don't require it for discrete servers, then there is no need to deploy it in a virtual network.

Alan Altmark
Sr. Software Engineer
IBM z/VM Development
