On Thu, 4 Sep 2003 TSimons_at_Delphi-Tech.com wrote:
> You may want to checkout SmokePing which works off of RRDTool. It sends 10
> pings ever 2 minutes, averages and graphs their response time and loss if
> any.
Sounds like a nice tool, thanks for the pointer. But....
> You would setup a host internally with smoke pings against the inside
> interface of the PIX, and the router just outside the PIX, then compare the
> graphs.
As the latency across the firewall hopefully isn't great, would not the
potential difference between the ping-response time of the firewall and
router be significant?
Surely such a test would be better constructed with two identical,
unloaded hosts - one just inside the FW and one just outside?
Ob FW: Whilst obviously anything that's not simply routed (e.g. proxied
protocols) would be a completely different kettle of fish, to what extent
could one then reasonably generalise the results obtained from ping tests
(i.e. ICMP packets) to other protocols?
Regards,
Neale.
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Sep 12 2003
Intro
