Re: High Speed Firewalls

[Darren Reed <darrenr () reed wattle id au>]

In some email I received from Henry Baez, sie wrote:
> I am doing research on very high speed firewalls.  I mean firewalls that
> are right now available that could handle OC3 and higher speeds via Gig
> Byte Etherenet cards.  In searching the recent posting of this list and
> a lot of general web searching, I have found only one firewall that
> claims they can do so.  It is call POTUS from a company called Livermore
> Software Laboratories.  I would very much like to find at lease another
> vendor which at lease matches the claim of PORTUS, 300 MB plus through
> put.  Management, bless them, likes to have choices, I would like to
> present more then one vendor if possiable.
>
> I have experiences with two commercial firewalls, Checkpoint and
> Gauntlet, and one freeware firewall, Ipfilter.  But the links where way
> under 10 Meg Byte.  None of the firewalls I have work on 'claim' the
> speeds I am looking for.  All the magazines 'test/reviews' I have looked
> at top out at about 150 Meg. Byte.  The number of users for this project
> would not be large, but each one would be moving Gig Byte size files
> across the world.

FYI, I've tested IP Filter with Sun's gigabit network cards.  I needed
to do some work to get NAT working (patches in current rev.), but you
need to try real hard to get gigabit speeds.  The problem with high
performance wasn't so much a problem for IP Filter as the card itself
(in a 450 with 4x400).  Crossover UTP to a 250 yielded throughputs in
the 200Mbit/s range - about a 20% utilization.  I'd be doing my own
testing of anyone who claims to be doing 300Mb/s (likely to be purpose
bulit hardware though) before buying it.

When I get my hands on either an ATM crossover or cheap ATM switch,
I'll be able to do some testing at 155Mb/s speed.  I expect it to
go smoothly, but still not OC3.  For now, FDDI suffices...

Darren