Firewall Wizards mailing list archives

Re: Real Traffic Testing

From: Luca Berra <bluca () comedia it>
Date: Sun, 26 Oct 2003 15:37:38 +0100

Gianpiero Porchia wrote:

Hi,

We are evaluating a new firewall technology. Instead of testing it in a lab,
we would like to test it in a production environment. The idea should be the
following:

- Get the production traffic (for example using TAPs)
- Send the traffic to the new firewall
- Look at the firewall behaviour


it might work only if:
- FW and FW-test are only dumb packet filters
or
- FW and FW-test are guaranteed to behave in the same way when mangling
packets

but then it might not.... i believe the lab option will give you less
headaches.

The problems:
- The traffic is directed to the MAC address of FW, so FW-test will drop it;

you have to change the mac-address of FW-test to match FW

-- 
Luca Berra -- bluca () comedia it
 /"\
 \ /     ASCII RIBBON CAMPAIGN
  X        AGAINST HTML MAIL
 / \

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Real Traffic Testing Gianpiero Porchia (Oct 24)
- Re: Real Traffic Testing John Adams (Oct 24)
- Re: Real Traffic Testing Luca Berra (Oct 27)