Firewall Wizards mailing list archives
High-Availability FW/VPN for Data Centers
From: "Joe Ippolito" <joe () joesnet com>
Date: Mon, 12 Mar 2001 07:28:57 -0800
We have successfully deployed a primarily VPN-based WAN connecting 59-sites in a very large manufacturing company. The push now is to move line-of-business applications to three data centers, one in the US, one in Europe and one in Asia. The data centers will have multiple T3/E3 circuits to two major providers. We wish to change the FW/VPN platform that we currently use due an occasional NDIS buffer overflow problem that requires a re-boot. Hardware for almost all of our firewalls is aging and is due for refresh. Some of the requirements are: Secure Internet firewalls. High availability - a single hardware failure cannot cause a loss of connectivity. High throughput - up to 90 Mbits/sec of IPSec 3DES encryption. Global management - A single database of network definitions, rulebases, etc for over 100 firewalls/VPN devices. Desirable: Quality of service so that the transfer of very large CAD files to/from data centers cannot easily slow down time-sensitive ERP interactive sessions. Products currently being considered: Firewall-1/VPN-1 CP HA on Linux and Provider-10 Nokia Fw1/VPN1, VRRP and Provider-10 Cisco Pix and CSPM MS ISA, Win 2K L2TP/IPSec, NLB, MMC I do not give the fourth option much chance due to low a level of experience but, pricing makes it an alternative that I would like to keep in the analysis for reference. I would like to get your opinions on the options I have described above for my initial presentation to my management. Thank you in advance for your valued input. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- High-Availability FW/VPN for Data Centers Joe Ippolito (Mar 13)
- <Possible follow-ups>
- RE: High-Availability FW/VPN for Data Centers Joe Ippolito (Mar 14)
- Re: High-Availability FW/VPN for Data Centers Shane Amante (Mar 14)