Firewall Wizards mailing list archives

RE: High Performance Firewall solution?


From: "Stout, William" <StoutW () pios com>
Date: Tue, 10 Feb 1998 14:46:14 -0500

----- Original Message -----
From: Aaron D. Turner [SMTP:aturner () vicinity com]
Subject:      RE: High Performance Firewall solution?

Bennet isn't talking about having an IP tunnel server behind the router in
this statement which you quote.

I snuck that in.  ;)
 
Actually something along the lines of what you're talking about is sorta
what I originally had in mind without the extra cost of big Cisco routers
and their subsequent cost in $$$ and latency.
... 
Think of it this way:  All http traffic goes through the WSD to the web
farm (everything else is blocked).  All other traffic is forced to go
through the firewall. 

O.K., forget packet filters.  Go the parallel proxy route.

Your original scheme:

              |                  |
              |--RND WSD Fe/Pro--|--Web Server Farm
Internet -----|                  | running Solaris
(100Mbps)     |                  |
              |--Firewall--------|
              |                  |
              |                  |
         Public VLAN         Private VLAN (192.168.xxx.xxx)

A suggestion:

              |  (HTTP/HTTPS only)
              |--RND WSD Fe/Pro--+--Web Server Farm
Internet -----R1                  running Solaris
(100Mbps)     |                       |  \
              |                       |   -two interfaces/websvr
              |--Firewall---+----R2---+
              |             |    |\
              |       Tunnel Svr |  -R2 filters T.S. traffic,
             DMZ                 |   access to/from webservers/fw
              |                  |
         Public VLAN         Private VLAN (192.168.xxx.xxx)

A different parallel configuration I've done:


              (HTTP, Telnet, FTP)
              |--Firewall----|
              |     |        |
Internet -----R    Disks     R--+--Internal LAN
(100Mbps)     |     |        |  |
              |--Firewall----|  T.S.
              (SMTP, NNTP, NTP)

The firewalls were clustered Alpha/DUNIX, manually load balanced, and
configured to (purposefully manually) failover services and secondary IP
addresses from one to another.  True 64-bit systems do well with
encryption...

Bill Stout - stoutb () sjinternet com
______________________________________________________________________
| San Jose Internet (My new startup <g>)         http://www.sjinternet.com/
