RE: [High Speed Firewalls]

["Woeltje, Donald" <dwoeltje () sebh org>]

I'll agree with you on this (well, except one point maybe; the Alteon
products have been out for awhile - a few years - but certainly not as long
as Cisco has been around). As for BigIP, it outperformed all other router
products we tested, including Cisco Load Director. But it couldn't even
touch the switching products and they were less expensive.

So, my opinion then (as well as now), is why purchase something more
expensive with lesser performance when you can get something less expensive
with greater performance. Especially if it has all the features you are
looking for. Seems like a slam-dunk to me.

> -----Original Message-----
> From: Dippold, John [SMTP:John.Dippold () fmr com]
> Sent: Thursday, March 02, 2000 6:36 PM
> To:   'Woeltje, Donald'; 'James Vaughn'; firewall-wizards () nfr net
> Subject:      RE: [High Speed Firewalls]
>
>       Our results tend to agree. So far Alteon is faster than
>       anything we have seen and I think it's safe to guess
>       that switching products will out perform routing
>       products. BigIP is basically BSDI with a custom
>       kernel but the customizations have made it pretty 
>       fast. It blows away an other OS based routing firewall
>       I have benchmarked (Solaris,Linux,BSDI).
>               It all comes down to what your capacity requirements are
>       and what your security layering is like. Alteon may be
>       much fatser than you need it to be and you may not
>       be comfortable replacing your catalysts with Alteon
>       until it's been out for a while.
>
>                       -jsd
>
>
> > -----Original Message-----
> > From: Woeltje, Donald [mailto:dwoeltje () sebh org]
> > Sent: Thursday, March 02, 2000 9:30 AM
> > To: 'James Vaughn'; firewall-wizards () nfr net
> > Subject: RE: [High Speed Firewalls]
> >
> >
> > You're kidding, right? Neither a router (Cisco or any other) 
> > nor BigIP 5 can
> > perform as well (all out high-speed performance) as a 
> > switched solution,
> > utilizing a Layer 4 switch,  that has built-in firewalling 
> > capabilities.
> > I've done "proof of concept" laboratory testing of these 
> > types of solutions.
> > BigIP is nothing more than an over-priced router with load balancing
> > capabilities, much like a Cisco router with Cisco's Load 
> > Director on it.
> >
> > If he really just wants the ultimate in performance, I would 
> > suggest that he
> > check out Alteon WebSystems ACESwitch 180 with their 
> > ACElerate software (and
> > all the other Layer 4 switches on the market) to see if that 
> > will accomplish
> > what he wants. However, if he wants a "firewall", then he should get a
> > recognized firewall product from one of the companies that 
> > are recognized as
> > experts in the IT security industry.
> >
> > > -----Original Message-----
> > > From:     James Vaughn [SMTP:j.vaughn () usa net]
> > > Sent:     Wednesday, March 01, 2000 1:58 PM
> > > To:       firewall-wizards () nfr net
> > > Subject:  Re: [High Speed Firewalls]
> > >
> > >
> > >
> > > Hi,
> > >
> > > I'd recommend checking into a hardware-based firewall 
> > solution, rather 
> > > than a software firewall.  Hardware solutions are 
> > specifically designed 
> > > for the volume of traffic about which you're speaking.  
> > Check www.f5.com
> > > for
> > > their BigIP product (which is an internet-centric 
> > load-balancing, FW/etc.
> > > machine -- i.e., more than just a firewall; depends on why 
> > you need this)
> > > or
> > > www.cisco.com and look into their PIX solutions.
> > >
> > > There are others out there, too -- but these are the ones 
> > with which I'm
> > > familiar and trust.
> > >
> > > BTW -- Tried to send you an email directly (to save 
> > bandwidth on the nfr
> > > list)
> > > but the email was rejected:
> > >
> > > <hbaez () eos hitc com>:
> > > Connected to 38.177.222.21 but sender was rejected.
> > > Remote host said: 550 Access denied
> > >
> > > Probably a spam filter.  ;^)
> > >
> > > - James D Vaughn
> > >
> > >
> > > Henry Baez <hbaez () eos hitc com> wrote:
> > > > I am doing research on very high speed firewalls.  I mean 
> > firewalls that
> > > > are right now available that could handle OC3 and higher 
> > speeds via Gig
> > > > Byte Etherenet cards.  In searching the recent posting of 
> > this list and
> > > > a lot of general web searching, I have found only one 
> > firewall that
> > > > claims they can do so.  It is call POTUS from a company 
> > called Livermore
> > > > Software Laboratories.  I would very much like to find at 
> > lease another
> > > > vendor which at lease matches the claim of PORTUS, 300 MB 
> > plus through
> > > > put.  Management, bless them, likes to have choices, I 
> > would like to
> > > > present more then one vendor if possiable.
> > > >
> > > > I have experiences with two commercial firewalls, Checkpoint and
> > > > Gauntlet, and one freeware firewall, Ipfilter.  But the 
> > links where way
> > > > under 10 Meg Byte.  None of the firewalls I have work on 
> > 'claim' the
> > > > speeds I am looking for.  All the magazines 
> > 'test/reviews' I have looked
> > > > at top out at about 150 Meg. Byte.  The number of users 
> > for this project
> > > > would not be large, but each one would be moving Gig Byte 
> > size files
> > > > across the world.
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > Henry Baez
> > > > hbaez () eos hitc com
> > >
> > > > --------------------------------------------- 
> > > > Attachment: hbaez.vcf 
> > > > MIME Type: text/x-vcard 
> > > > --------------------------------------------- 
> > >
> > > ____________________________________________________________________
> > > Get free email and a permanent address at 
> http://www.netaddress.com/?N=1