IDS mailing list archives

RE: radware IDS load balancer


From: simon.thornton () swift com
Date: Tue, 17 Dec 2002 10:11:19 +0100

Hi,

I just finished evaluating the RadWare fireproof in comparison to the
TopLayer IDS balancer and F5 product. The model I used was the 5Gb/16FE
with Gb fibre modules. The only issue I had initially was related to the
firmware version; 2.51.04, which did not support port based forwarding.
One area where the fireproof and toplayer switches differ is in how you
define which traffic gets sent/balanced to which ports. On the toplayer
the default mode is to forward one or more ports (all traffic) to one or
more sensors. On the fireproof, with the firmware I had, all you could
define was forwarding based on IP address, which makes combining diff.
network segments (DMZ, DB LAN etc) onto the same switch with diff. IDS
sensors tricky.  The firmware upgrade to v2.53.07 brings it to the same
level of functionality as the toplayer.

The only GUI interface inconsistency is between the web interface and
configware, some of the options are not available on the web interface.

For management of the box you have:
- configware (SNMP v1 based)
- web interface
- SSH 
- Telnet

(these can be disabled as needed)

Configware is Java based, using SNMP v1 to access the radware; it can be
installed on almost any JVM; tested under Windows, Solaris and Linux.
Care should be taken in configuring the initial SNMP communities, using
something simple initially and then changing it using either the web or
configware interfaces.


If you take the fireproof, I have two recommendations:

1. Upgrade the firmware to the latest version, 2.53.07 or later
2. Upgrade configware to v1.77 or later

The latter upgrade helps as it puts all of the IDS balancing functions
into the same menu group (the policies were separate originally).


The areas where the TopLayer scores better are in its reporting
capabilities; if you want stats showing the breakdown of the traffic
you have it. Secondly the ASIC Flow-switch design is IMHO superior to
the software design used by Radware.

If you consider that the Toplayer IDS Balancer is a cut down app. switch
whereas the Fireproof is a full L7 application switch, the difference in
price is easier to understand. The fireproof is closer to the app.
switch offering of Toplayer than the IDS balancer.

In terms of ports, the IDS Balancer A3532 has 2x 1000 base SX ports plus
12x 10/100 FE in 2U, the top range fireproof is 5x 1000base SX plus 16x
10/100 FE in 1U. For port density in a rack, the fireproof is superior.

One item to note: on each machine you will lose one FE port for
managing the device.


I like both switches but when it comes to price/port density, the
Radware fitted my requirements more than the toplayer.

  

Rgds, 
  

Simon 
---------------------------------------------------------------
BTW, FWIW, IMHO, AFAIK, yes. OTOH, AAMOF, maybe not. YMMV

 



-----Original Message-----
From: Stone Cold [mailto:scold () stackheap org]
Sent: Monday, December 16, 2002 17:44
To: focus-ids () securityfocus com
Subject: radware IDS load balancer

I'm checking out a Radware loadbalancer and was wondering if anyone else
out there has any experience with or comments about it.

Specifically, I'm looking into the "Out of Path" network design with
which I want to take a Gig fiber input, and load balance to multiple FE
sensors.

Just wondering how this product is holding up for others.
