Firewall Wizards mailing list archives
RE: High-Availability FW/VPN for Data Centers
From: "Joe Ippolito" <joe () joesnet com>
Date: Tue, 13 Mar 2001 21:55:27 -0800
What about global management? I need a common database for my internal networks, DMZs and encryption domains. 80-sites is too much to manage on 100 (~40x2 for HA +20) or more individual devices. I must use something like Provider-1 or Cisco Secure Policy Manager. Does NetScreen have anything comparable? The support costs are a very significant part of a fully-meshed VPN-based WAN of this magnitude.

Thank you for your input.

-----Original Message-----
From: Shane Amante [mailto:shane () amante org]
Sent: Tuesday, March 13, 2001 4:19 PM
To: Joe Ippolito
Subject: Re: [fw-wiz] High-Availability FW/VPN for Data Centers

NetScreen 100 -or- NetScreen 1000 (very pricey)

-shane

On Mon, Mar 12, 2001 at 07:28:57AM -0800, Joe Ippolito wrote:
We have successfully deployed a primarily VPN-based WAN connecting 59-sites in a very large manufacturing company. The push now is to move line-of-business applications to three data centers, one in the US, one in Europe and one in Asia. The data centers will have multiple T3/E3 circuits to two major providers.

We wish to change the FW/VPN platform that we currently use due to an occasional NDIS buffer overflow problem that requires a re-boot. Hardware for almost all of our firewalls is aging and is due for refresh.

Some of the requirements are:

Secure Internet firewalls.
High availability - a single hardware failure cannot cause a loss of connectivity.
High throughput - up to 90 Mbits/sec of IPSec 3DES encryption.
Global management - A single database of network definitions, rulebases, etc. for over 100 firewalls/VPN devices.

Desirable:

Quality of service so that the transfer of very large CAD files to/from data centers cannot easily slow down time-sensitive ERP interactive sessions.

Products currently being considered:

Firewall-1/VPN-1 CP HA on Linux and Provider-10
Nokia Fw1/VPN1, VRRP and Provider-10
Cisco Pix and CSPM
MS ISA, Win 2K L2TP/IPSec, NLB, MMC

I do not give the fourth option much chance due to a low level of experience but, pricing makes it an alternative that I would like to keep in the analysis for reference.

I would like to get your opinions on the options I have described above for my initial presentation to my management.

Thank you in advance for your valued input.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- High-Availability FW/VPN for Data Centers Joe Ippolito (Mar 13)
- <Possible follow-ups>
- RE: High-Availability FW/VPN for Data Centers Joe Ippolito (Mar 14)
- Re: High-Availability FW/VPN for Data Centers Shane Amante (Mar 14)