nanog mailing list archives
"firewalls" at high speed -- was Re: FW: your mail
From: "Howard C. Berkowitz" <hcb () clark net>
Date: Mon, 27 Sep 1999 08:27:27 -0400
Alex Rudnev observed,
Folks, why are you all talking about gigabit traffic for the firewall? Usually, a firewall stands between intranet and internet, and it should process your upstream traffic, not more... And then, it's important to measure the throughput in packets per second, not in gigabits... Everything else is true - I suggest no good firewall can process gigabit traffic at all, and only a few specially designed boxes can process 100Mbit traffic. But just again - it's a rare case when you do have a 100Mbit upstream link.
All good points. Something else to consider: with increasing cryptographic security requirements, the "firewall" (ambiguous term as it is, but let's think of it as a stateful packet screen -- the major approach at high speed) is not the only device between you and the outside. It's worth thinking of:

- Bastion hosts -- not trusted with crypto keys
- Security gateways -- trusted to do encryption
- IPsec gateways
- SSL/TLS proxies
- Conduits with access lists -- for host-to-host encryption, where the firewall wouldn't add value

There is also the very murky area where logging and intrusion detection mix, and whether they can operate at these speeds.