Firewall Wizards mailing list archives

Re: need advice on a NAT issue.


From: <hesselsp () ashaman dhs org>
Date: Fri, 26 Jan 2001 10:52:06 -0500 (EST)

I do have a limit to the number of ports I can filter.  Zero.  I can not
be filtering ANYTHING, all I am using this for is NAT.

According to the engineers at Stonesoft, they do share state.

I am at my wits' end here.  I can't believe that there isn't a NAT product
that will provide high availability (or should I say fault tolerant, which
is more like what I want).

On Thu, 25 Jan 2001, Swift Griggs wrote:


On Thu, 25 Jan 2001 hesselsp () ashaman dhs org wrote:
- -=>Considering I don't plan on doing ANY filtering, what do I get from
- -=>FW-1 and (Stonebeat|Rainwall)?
- -=>-state sharing

Well, my experience with Stonebeat is that it does not share state between
nodes in the cluster. It's a pretty interesting system, but I won't go
into all the details. Keep in mind that most setups which are capable of
sharing state will also be limited to less than the theoretical 65535
simultaneous TCP connections. For most places it isn't a big deal.
However, you mentioned "weird protocol support". If you are in an
environment where you are limited by the number of outbound ports you can
filter, then you should keep it in mind. If you have a large number of
unfiltered outbound ports then the first time a bored sysadmin does a port
scan outside your AS it'll soak your connection table. The cool thing
about the Stonebeat solution is that you can "stack" the number of open
ports by adding more firewalls. 

SWiFT GRiGGS | NiC SG1991 | PGP D38E3D91 | SSGRiGGS () USA NET
Non Illegitemus Carborundum.


-- 
--Paul

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

