Firewall Wizards: Re: High Speed Firewalls

From: Chenggong Charles Fan <fan_at_rainfinity.com>
Date: Tue, 07 Mar 2000 20:56:54 -0800

I have a question regarding using load-balancers (such as F5, Alteon or
LocalDirector) for firewalls to achieve high performance and high
availability. If the firewall sits on 3 subnets, it seems that you'll
need three pairs of load balancers (one for each subnet) to have a HA+LB
solution. If you have more subnets, it's gonna be even more expensive.
Is there any go-around for that?

Charles

"Woeltje, Donald" wrote:
>
> I'm sorry Rick, but it's not. When I priced BigIP, it was running over
> $50,000 (depending on the licensing, as I remember; it's been a couple
> years). At that same time, the Alteon ACESwitch 180 (with the ACElerate
> software) came in at between $17,000 and $18,000. And the ACESwitch
> performed 20 times faster, approximately. And it had all the same types of
> load balancing features. It also outperformed Cisco's Load Director (or, and
> I apologize to the group if I'm remembering the name a little incorrectly,
> Cisco's Local Director; again, it's been a couple years) by an even greater
> amount. Now, if I remember correctly, the Cisco solution was running in the
> low $20k's, almost price competitive with the Layer 4 switches on the market
> (including Alteon, which was the only Layer 4 switching product I tested).
> But in my mind there was just no comparison, overall. Why pay more for less
> when you can pay less for more?
>
> > -----Original Message-----
> > From: Rick Murphy [SMTP:rmurphy_at_mitretek.org]
> > Sent: Thursday, March 02, 2000 7:15 AM
> > To: Henry Baez; firewall-wizards_at_nfr.net
> > Subject: Re: High Speed Firewalls
> >
> > At 10:51 AM 3/1/00 -0500, Henry Baez wrote:
> > >I am doing research on very high speed firewalls. I mean firewalls that
> > >are right now available that could handle OC3 and higher speeds via Gig
> > >Byte Ethernet cards. In searching the recent posting of this list and
> > >a lot of general web searching, I have found only one firewall that
> > >claims they can do so. It is called PORTUS from a company called Livermore
> > >Software Laboratories. I would very much like to find at least another
> > >vendor which at least matches the claim of PORTUS, 300 MB plus
> > >throughput. Management, bless them, likes to have choices, I would like to
> > >present more than one vendor if possible.
> >
> > Since your requirement is for large bulk file transfers, I'd be wary - or
> > at least ask the vendor to let you validate their performance claims. If
> > I'm not mistaken, Portus uses a ftp proxy. To get anything like 300 MB/s
> > through a proxy is going to use a really big hulking machine - especially
> > if you're talking a small number of FTP streams. Even 300 megabit/sec is
> > pretty unlikely unless it's a big box.
> > I agree with the other folks that using a filtering router is probably the
> > lowest cost solution for you.
> > -Rick
Received on Mar 12 2000
