Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..

From: "Marcus J. Ranum" <mjr () ranum com>
Date: Mon, 26 Nov 2007 00:31:08 -0500

Dave Piscitello wrote:

I really would like to see a thorough analysis of the performance of an application layer policy enforcement using 
strictly stateful inspection techniques versus the same policy enforced using strictly proxy techniques.


It's pointless, Dave. "stateful inspection firewalls" ought to consistently
perform about as fast as routers. Because that's pretty much what they
are. Something that does any layer-7 analysis will always be slower
than something that does nothing more than table lookup and a
sequence number check.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Firewalls that generate new packets.., (continued)
- - Re: Firewalls that generate new packets.. ArkanoiD (Nov 21)
    - Re: Firewalls that generate new packets.. Dave Piscitello (Nov 23)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 23)
    - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 25)
  - Re: Firewalls that generate new packets.. Paul Melson (Nov 23)
    - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 23)
    - Re: Firewalls that generate new packets.. Dave Piscitello (Nov 23)
    - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 23)
    - Re: Firewalls that generate new packets.. Patrick M. Hausen (Nov 25)
    - Re: Firewalls that generate new packets.. Dave Piscitello (Nov 25)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 26)
    - Re: Firewalls that generate new packets.. Paul Melson (Nov 25)
- Re: Firewalls that generate new packets.. pkc_mls (Nov 19)
- Re: Firewalls that generate new packets.. lordchariot (Nov 21)
  - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 23)
- Re: Firewalls that generate new packets.. jdgorin (Nov 21)
  - Re: Firewalls that generate new packets.. Dave Piscitello (Nov 21)
- Re: Firewalls that generate new packets.. jdgorin (Nov 21)
- Re: Firewalls that generate new packets.. Bill McGee (bam) (Nov 25)
  - Re: Firewalls that generate new packets.. Paul D. Robertson (Nov 25)
    - Re: Firewalls that generate new packets.. Marcus J. Ranum (Nov 25)

(Thread continues...)