Firewall Wizards mailing list archives

Re: High Speed Firewalls

From: "Carric Dooley" <carric () com2usa com>
Date: Thu, 2 Mar 2000 14:40:43 -0500

I have seen specs stating 160Mb throughput for a Nokia IP650... that would just barely cover an OC3.  This number may 
be inflated however.. we have Smartbit cards here but only for layer 2 testing (damn,damn!!).  Anyone done any 
independent testing?


Carric Dooley
Network Security Consultant

"A little inaccuracy sometimes saves a ton of explanation. " 
- H. H. Munro (Saki) (1870-1916) 
----- Original Message ----- 
From: ddhumphr <david () bbn com>
To: <firewall-wizards () nfr net>
Sent: Thursday, March 02, 2000 8:28 AM
Subject: Re: High Speed Firewalls

Hmmm.  Aside from the I/F nomenclature misunderstanding, I'd suggest you talk to a
Netscreen rep..  Their ASIC design looks interesting, their rules are very
reasonable, their admin. interface is very usable, and their large server is heavy
throughput.  And no, there is no reason that most people would think to use such a
high speed device.

...but then most people don't work at ISP's.  Nor do they operate part of the
national backbone.  So most people won't see the need for one of these.  That does
not, however mean it does not exist, believe me.


Ace


Robert Graham wrote:

I think their may be some confusion between "gigabit" and "gigabyte".

Also, from your description, it sounds like you don't need a "firewall" but
basic packet filtering. A Cisco router can handle gigabits/second and can carry
out this basic level of filtering.

A high-end commercial firewall is good when you have a huge series of security
needs that you want centralized: dynamic filters, VPN, NAT, proxy, etc. It is
an extremely poor solution if you need high-speed, basic static packet filters.
Any commercial firewall is overkill for such simple needs; you'll like find
what you need in a packet-filtering router.


--
David Humphrey
Network Consultant
Professional Services

GTE Technology Organization
10 Fawcett St.
Cambridge, MA 02138
e-mail: david () bbn com
tel: 617 873 7548
Pager:  888 548 5834 (5485834 () skytel com)

Current thread:

Re: High Speed Firewalls, (continued)
- - - Re: High Speed Firewalls Bennett Todd (Mar 02)
- Re: High Speed Firewalls Darren Reed (Mar 01)
- Re: High Speed Firewalls Bill Pennington (Mar 02)
  - Re: High Speed Firewalls Ryan McBride (Mar 05)
  - Message not available
    - Re: High Speed Firewalls Bruce Byrd (Mar 06)
- PORTUS (was Re: High Speed Firewalls) Josef Pojsl (Mar 02)
- Re: High Speed Firewalls Rick Murphy (Mar 02)
- RE: High Speed Firewalls Dippold, John (Mar 01)
- Re: High Speed Firewalls Robert Graham (Mar 01)
  - Re: High Speed Firewalls ddhumphr (Mar 02)
    - Re: High Speed Firewalls Carric Dooley (Mar 02)
- Re: High Speed Firewalls Henry Baez (Mar 01)
- RE: High Speed Firewalls Deane, James (Mar 02)
  - Re: High Speed Firewalls woody weaver (Mar 03)
    - Re: High Speed Firewalls Johann G. Hautzinger (Mar 06)
    - Re: High Speed Firewalls woody weaver (Mar 12)
- RE: High Speed Firewalls Woeltje, Donald (Mar 02)
- RE: High Speed Firewalls John F. Appel (Mar 02)
- RE: High Speed Firewalls Dippold, John (Mar 02)
- RE: High Speed Firewalls Sink, Douglas D (Doug), BNSVC (Mar 02)
- RE: High Speed Firewalls Burden, James (Mar 02)

(Thread continues...)