Firewall Wizards mailing list archives
RE: High Performance Firewall solution?
From: "Stout, William" <StoutW () pios com>
Date: Mon, 09 Feb 1998 18:03:29 -0500
That answer sounded good to me. Why is a packet filter not appropriate? Behind that you can use an IP tunnel server or protocol-specific encryption, plus strong authentication. Then an IDS to catch those who might've gotten through the packet filter.
I like Cisco routers, but NSC borderguard routers respond to Wheelgroup IDS software (Borderware, Borderguard) and they also have R-R VPN capability (data 'sleeves').
AFA dial-up/tunnel client performance (ref Windows), poor performance may be caused by MTU setting of 1500 vs. 576 (which works much better) and other default Windows settings. F/R and ATM also impact performance WRT packet size due to packet assembly/disassembly.
Bill Stout
----- Original Message -----
From: Aaron D. Turner [SMTP:aturner () vicinity com]
Sent: Tuesday, February 03, 1998, 12:15:00
Subject: Re: High Performance Firewall solution?
Trust me, we've looked at this sorta thing already. Problem is when we need to support ICMP (for ping/traceroute testing), SNMP for Oracle (UDP traffic) from certain clients, some with dynamic IPs. We also need to allow ftp to certain machines for customer uploads. Also the Win95/NT ssh client sucks compared to the *nix version. Allowing our two offices and telecommuters VPN access to the webservers, the DB machines, and NT boxes which do on the fly rendering is what we're looking for.
<snip>
Piece o' cake. Take whatever seriously muscular router tickles your fancy --- say a pair of Cisco 7513s running a load-balancing dual-HSRP config:-). Tell it to block everything except port 80. Or perhaps your WSD will do this for you. Next, audit those web servers behind so they do _not_ have bugs in their CGIs (which in general no firewall is going to help with).