RE: High Speed Firewalls

["Woeltje, Donald" <dwoeltje () sebh org>]

That's really nice........But you know what? I think I'll stick to a couple
of Sidewinder firewalls, Axent ESM, Security Dynamics ACEServer/SecurID,
Cylink PrivateWire, Datafellows F-Secure, CA Encrypt-It, ISS SafeSuite, and
NAI NetShield/VirusScan. I know that your (and others) "e-commerce
appliances" are suppose to contain everything, including the kitchen sink,
but I think that when you try to do that something is going to get lost
along the way. Other companies can go with those "super-duper, all-in-one,
everything-and-the-kitchen-sink-too" boxes, but not any company that I'm the
network/security engineer for.

And even when I'm doing consulting work, unless it's a SOHO (where they
simply don't have the funds to do it right), I still wouldn't recommend an
"e-box" (That's what I'm going to call them from now on; an "e-box"). And if
it is a SOHO, I simply won't take the job. I will not recommend a product,
or a technology, that I simply don't believe in.

Now if others think that these boxes do a good job, fine. What works fine
for you is great by me. I'm in no position to tell anyone else that what
they are doing is wrong. Not until I've "walked a mile in their shoes." So
if there are people out there that read this that like the boxes, no offense
intended. Indeed, I salute you. More power to you. But I will never you
these boxes because I don't believe that they can bring everything to the
table that a non-"all-in-one" solution can bring.

> -----Original Message-----
> From: Bruce Byrd [SMTP:byrd () home com]
> Sent: Sunday, March 05, 2000 10:56 PM
> To:   firewall-wizards () nfr net
> Subject:      Re: High Speed Firewalls
>
> Please excuse the vendor plug but this thread was too close to what we've 
> developed to pass up...
>
> RapidStream (www.rapidstream.com) will be announcing high-performance 
> security appliances starting in April. We are looking for good beta sites 
> to test our Gigabit and 100 Mbps Ethernet appliances. If you're
> interested, 
> send me an email.
>
> Bruce
>
>
> At 10:24 AM 3/3/00 -0800, Ryan McBride wrote:
> > Lucent has a brand new product called the "Access Point 1000" which is a
> > router/firewall/vpn solution, and claims to move data at speeds up to 450
> > Mb/s (155Mb/s 3DES)
> >
> > -Ryan
> >
> > Henry Baez wrote:
> > > I am doing research on very high speed firewalls.  I mean firewalls
> that
> > > are right now available that could handle OC3 and higher speeds via
> Gig
> > > Byte Etherenet cards.  In searching the recent posting of this list
> and
> > > a lot of general web searching, I have found only one firewall that
> > > claims they can do so.  It is call POTUS from a company called
> Livermore
> > > Software Laboratories.  I would very much like to find at lease
> another
> > > vendor which at lease matches the claim of PORTUS, 300 MB plus through
> > > put.  Management, bless them, likes to have choices, I would like to
> > > present more then one vendor if possiable.
> > >
> > > I have experiences with two commercial firewalls, Checkpoint and
> > > Gauntlet, and one freeware firewall, Ipfilter.  But the links where
> way
> > > under 10 Meg Byte.  None of the firewalls I have work on 'claim' the
> > > speeds I am looking for.  All the magazines 'test/reviews' I have
> looked
> > > at top out at about 150 Meg. Byte.  The number of users for this
> project
> > > would not be large, but each one would be moving Gig Byte size files
> > > across the world.
> >
> > --
> > Ryan McBride - mcbride () countersiege com
> > Systems Security Consultant
> > Countersiege Systems Corporation - http://www.countersiege.com