Firewall Wizards mailing list archives

Re: stealth firewalls


From: Dave Mitchell <dave () jnsnet com>
Date: Thu, 17 Jan 2002 16:43:39 -0700

Irwin,
  Netscreen's line of firewalls allows you to run in bridged or routing mode 
and provides stateful inspection inbound/outbound and more. I've used these for quite
a while, and they work well in bridging mode. They have a loopback IP
"system-ip" that *can* be configured for management. Using the "sys-ip" allows 
one to configure a VPN using this as the tunnel endpoint.

It's a hardware-based appliance, and gets very good throughput. Throughput
obviously depends on the model. The NS5-XP has two 10mb/fd interfaces and
the more expensive models have 3 or more 100mb/fd. Obviously performance
will degrade based on the type and number of IPSec tunnels.

-dave

On Wed, Jan 16, 2002 at 02:00:53PM -0700, Irwin Lazar wrote:
I'm reading up a bit on stealth mode firewalls and was wondering what the
industry view is toward these types of boxes.  From my research, stealth
mode firewalls act as LAN switches or bridges, and do not actively modify
the packets they process (such as decrementing TTL).  Is this correct?

It seems there are some obvious advantages to stealth mode firewalls since
they are completely hidden at the IP layer, but I'm wondering if there are
any significant drawbacks.  It seems that products are limited, only Sun's
SunScreen & BSD Linux support this functionality.

Any thoughts?

Irwin
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
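As an added example (not from either poster, and not NetScreen's configuration), here is the bridged, stateful setup Irwin describes and Dave confirms, done on Linux with an nftables bridge-family ruleset. The interface names eth0/eth1, the bridge name br0 and the server address 192.0.2.10 are assumptions, as is a kernel of 5.3 or later with the nf_conntrack_bridge module loaded (that is what makes "ct state" usable in the bridge family).

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread: a transparent ("stealth") bridge
# firewall. Assumed prep, run once before loading this file:
#   ip link add br0 type bridge
#   ip link set eth0 master br0      # outside
#   ip link set eth1 master br0      # inside
#   ip link set br0 up
# br0 deliberately carries NO IP address, so the box is invisible at
# layer 3 and, being a bridge, never decrements TTL or rewrites packets.
# Assumes kernel >= 5.3 with nf_conntrack_bridge loaded for "ct state".

flush ruleset

table bridge stealth {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Stateful inspection: packets of a tracked flow pass either way
        ct state established,related accept
        ct state invalid drop

        # LAN must still be able to resolve MACs through the bridge
        ether type arp accept

        # Outbound: inside hosts may open new flows to the outside
        iifname "eth1" oifname "eth0" accept

        # Inbound: only new TCP flows to the published web server
        # (192.0.2.10 is a constructed documentation address)
        iifname "eth0" oifname "eth1" ip daddr 192.0.2.10 \
            tcp dport { 80, 443 } ct state new accept

        # Everything else from outside is dropped silently; no RST or
        # ICMP is generated, so the bridge itself never emits a packet
        counter drop
    }
}
```

Because br0 has no address, the box is managed over a separate NIC on an out-of-band segment, which is the role the NetScreen "system-ip" plays in Dave's description; the same lack of an address is why a pure bridge cannot itself terminate a VPN tunnel.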