Firewall Wizards mailing list archives
Re: SMTP Firewall (fwd)
From: Roy Stevens <tobor () ns compunetservices com>
Date: Wed, 15 Sep 1999 08:49:16 -0500 (CDT)
---------- Forwarded message ----------
Date: Wed, 8 Sep 1999 10:26:32 -0500 (CDT)
From: Roy Stevens <tobor@ns>
To: Kenneth_W_Fox () sbphrd com
Subject: Re: SMTP Firewall

They currently employ 2 firewalls. One of them has all internal clients (6,000+ http browsers) pointed at it. The other carries 95+% of the mail. This is accomplished through DNS mail record preference. Both firewalls are currently configured identically. They rely on DNS to split services.

There is an initiative to move to a load sharing scenario. I estimate that the SMTP load will be approximately 25%. They will also be adding additional services: Real Media, news, other streaming content.

The only positive argument I have is that moving the mail service to its own cluster (2 for redundancy) will extend the usable life of the current hardware investment. Both clusters will be running application gateway proxy software. There is in place virus scanning for SMTP via an additional server placed between the firewall and the corp e-mail servers.

I like the idea of separating the service, so that I can customize TCP settings for web traffic on one set while optimizing settings for mail type traffic on the other. This also would enable me to independently change or upgrade the OS or applications without impacting the other, if this change is more suited to one type of service than the other. As far as administering the additional boxes, we currently admin about 20, so 2 more should be no big deal.

I am looking for tangible items to support this decision or to deny it. My personal preference does not count for much.

Thanks

On Wed, 8 Sep 1999 Kenneth_W_Fox () sbphrd com wrote:
There are a number of reasons for and against. Depends on the firewall you're using and the volume of traffic. What percentage of your firewall's resources are currently being expended on email (smtp) in & out? Or perhaps they want a specific piece of firewall software that does something your current firewall's software doesn't. Depends what other services are being pushed through your firewall (nntp, real audio or video, http).

Look at it this way - if you already have more than one firewall, you should probably put http through one & smtp through the other. I look at having an array (2+ firewalls) all configured identically but with the non-primary services turned off on each firewall. Then if there's a problem with one, the others back it up in short order after your manual intervention - simple level redundancy.