On Dec 17, 2003, at 6:30 PM, sd2mcleo_at_engmail.uwaterloo.ca wrote:
> I'm looking to compare the use of router ACLs versus firewalls in
> enforcing network security. If you could provide me with the pros and
> cons of using each...
>
> - Performance: what are the performance capabilities of each method,
> and how does the throughput compare?
Some routers and switches have firewall features, and some firewalls
can route and switch. Then defining what is an ACL versus a firewall
rule gets even harder.
You also need to differentiate between network equipment that makes
packet forwarding decisions in the software realm (like PIX or Linux)
versus ASIC implementations (like Cisco's 6500 and 7600 series or
NetScreen stuff), and what that particular hardware and software
combination can handle. It's not a firewall vs. ACL question anymore.
For some platforms, there is little correlation between CPU usage,
traffic throughput, and concurrent sessions/states. For other platforms
there is a severely painful correlation.
The lines differentiating firewalls, routers, and switches will
probably only continue to get more blurred as these features'
implementations blend hardware and software solutions. I guess my
point is that, for now, you at least need to compare individual firewall
products against those of the same architecture (software- or
ASIC-based).
Dale
----------------------------------------------------------------------------
Dale W. Carder dwcarder_at_doit.wisc.edu
Network Engineer University of Wisconsin at Madison
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Jan 03 2004
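The distinction the original poster asks about, a stateless router ACL versus a connection-tracking firewall, and Dale's point about concurrent states being a resource the platform must hold, can be made concrete with a small model. The following is an added example, not code from the list post or from any vendor. All hosts, ports and rules are constructed for illustration; the ACL imitates the common "permit tcp any any established" idiom (match on ACK or RST bits, no memory), while the stateful filter keeps a table of outbound connections and admits inbound packets only when the reverse tuple is in it.

```python
"""Stateless ACL vs stateful filter: a toy model (added example, not from the post).

Hosts, ports and rules are constructed for illustration only. The ACL
mimics "permit tcp any any established": it matches on TCP flags alone.
The stateful filter keeps a connection table instead.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = field(default_factory=frozenset)  # e.g. {"SYN"}, {"ACK"}


INSIDE_NET = "10.0.0."          # constructed: hosts 10.0.0.x are "inside"
WEB_SERVER = ("10.0.0.5", 80)   # constructed: the one inbound service published


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_NET)


def stateless_acl(pkt: Packet) -> bool:
    """Per-packet ACL decision with no memory of earlier packets."""
    if is_inside(pkt.src):
        return True                                  # outbound: permit ip any any
    if (pkt.dst, pkt.dport) == WEB_SERVER:
        return True                                  # permit tcp any host 10.0.0.5 eq 80
    if "ACK" in pkt.flags or "RST" in pkt.flags:
        return True                                  # permit tcp any any established
    return False                                     # implicit deny


class StatefulFilter:
    """Connection-tracking filter: inbound traffic needs a matching entry."""

    def __init__(self) -> None:
        self.table = set()   # 4-tuples (src, sport, dst, dport) of outbound connections

    def state_count(self) -> int:
        return len(self.table)

    def check(self, pkt: Packet) -> bool:
        if is_inside(pkt.src):
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                # outbound connection start: record it, at a memory cost per entry
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if (pkt.dst, pkt.dport) == WEB_SERVER:
            return True
        # inbound: permit only if the reverse 4-tuple is a known connection
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def run_scenarios() -> dict:
    fw = StatefulFilter()
    outbound_syn = Packet("10.0.0.7", 40000, "203.0.113.9", 443, frozenset({"SYN"}))
    reply = Packet("203.0.113.9", 443, "10.0.0.7", 40000, frozenset({"SYN", "ACK"}))
    # constructed attacker packet: bare ACK to a port that never opened a connection
    forged_ack = Packet("198.51.100.1", 1234, "10.0.0.7", 40001, frozenset({"ACK"}))

    results = {"acl_reply": stateless_acl(reply),
               "acl_forged_ack": stateless_acl(forged_ack)}
    fw.check(outbound_syn)
    results["fw_reply"] = fw.check(reply)            # legitimate return traffic
    results["fw_forged_ack"] = fw.check(forged_ack)  # no state, so dropped

    # resource cost: one inside host opening 100 connections adds 100 entries
    for port in range(50000, 50100):
        fw.check(Packet("10.0.0.8", port, "203.0.113.9", 443, frozenset({"SYN"})))
    results["fw_states"] = fw.state_count()
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Both filters pass the legitimate SYN/ACK reply, but only the ACL passes the forged bare ACK, because it has nothing but the flag bits to go on. The price of the firewall's tighter decision is the state table, whose size grows with every outbound connection; that is the "concurrent sessions/states" dimension Dale says correlates painfully with CPU and throughput on some platforms and hardly at all on others.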