RE: High Speed Firewalls

["Dippold, John" <John.Dippold () fmr com>]

        Yup. I beleive that. Alteon is a switch and BigIP is 
        a router. I bench marked IP Filter on BigIP and got
        up to 320 Mbs throughput with packet filtering on. 
                You could use a cisco device and beat that but
        bigIP has some nice load ballancing features as well.
        There are a lot of options out there today for security
        "layering". I have to admit it's getting better....

                        -jsd

> -----Original Message-----
> From: Woeltje, Donald [mailto:dwoeltje () sebh org]
> Sent: Thursday, March 02, 2000 9:33 AM
> To: 'Dippold, John'; 'Henry Baez'; firewall-wizards () nfr net
> Subject: RE: High Speed Firewalls
>
>
> With the testing I performed as a senior consultant to the 
> Anheuser-Busch
> corporation, Alteon's ACESwitch 180 outperformed BigIP 20 to 1.
>
> > -----Original Message-----
> > From:       Dippold, John [SMTP:John.Dippold () fmr com]
> > Sent:       Wednesday, March 01, 2000 2:15 PM
> > To: 'Henry Baez'; firewall-wizards () nfr net
> > Subject:    RE: High Speed Firewalls
> >
> >
> >     I'm no expert but we have been looking at similar 
> >     requirements. It all depends on what you call
> >     a firewall. You can use ACL's on a router at that speed.
> >     There are also several switching products that have 
> >     filtering. They include Alteon and Arrowpoint. Netscreen
> >     is pretty fast but I haven't had a crack at their new Gig 
> >     support. I wouldn't waste time on PIX if you're looking 
> for speed.
> >     Also, BigIP has ported IP Filter to their platform and they have
> >     Gig support. My benchmarks show them topping out at 320 Mbs
> >     but that varies with packet size.
> >             I have never heard of POTUS but I will take a look,
> >     although the name "POTUS" does not inspire thoughts
> >     of high performance ;)
> >
> >                             -jsd
> >
> > > -----Original Message-----
> > > From: Henry Baez [mailto:hbaez () eos hitc com]
> > > Sent: Wednesday, March 01, 2000 10:51 AM
> > > To: firewall-wizards () nfr net
> > > Subject: High Speed Firewalls
> > >
> > >
> > > I am doing research on very high speed firewalls.  I mean 
> > > firewalls that
> > > are right now available that could handle OC3 and higher 
> > > speeds via Gig
> > > Byte Etherenet cards.  In searching the recent posting of 
> > > this list and
> > > a lot of general web searching, I have found only one 
> firewall that
> > > claims they can do so.  It is call POTUS from a company 
> > > called Livermore
> > > Software Laboratories.  I would very much like to find at 
> > > lease another
> > > vendor which at lease matches the claim of PORTUS, 300 MB 
> plus through
> > > put.  Management, bless them, likes to have choices, I 
> would like to
> > > present more then one vendor if possiable.
> > >
> > > I have experiences with two commercial firewalls, Checkpoint and
> > > Gauntlet, and one freeware firewall, Ipfilter.  But the links 
> > > where way
> > > under 10 Meg Byte.  None of the firewalls I have work on 
> 'claim' the
> > > speeds I am looking for.  All the magazines 'test/reviews' I 
> > > have looked
> > > at top out at about 150 Meg. Byte.  The number of users for 
> > > this project
> > > would not be large, but each one would be moving Gig Byte 
> size files
> > > across the world.
> > >
> > >
> > > Thanks,
> > >
> > > Henry Baez
> > > hbaez () eos hitc com