Firewall Wizards mailing list archives
Re: RE: Firewall-1 platforms
From: "shawn . moyer" <shawn () net-connect net>
Date: Tue, 06 Mar 2001 14:16:02 -0600
"Kalat, Andrew (ISS Atlanta)" wrote:
Fourth, with dual Sun boxes, and a good fail over product like StoneBeat, I believe you can do load balancing of traffic between both Sun boxes. As far as I know, you can't do load balancing between two Nokia boxes yet.
Oh, but you can! :) Not a huge fan of the Nokia's (pretty pricey as far as bang for the buck -- I'd like to see FW-1 support *BSD... then I could build my own appliance for 1/3 the cost), but at a previous employer we chose the Nokia's over Stonebeat and Sun gear because of the excellent failover support. Nokia's boxen do VRRP (Virtual Router Redundancy Protocol) with state shared between firewalls without having to add a third party app. This is also cool becuse it will interoperate with other gear that talks VRRP, like Foundry, etc. YMMV, but (better put on my asbestos pajamas!) in my experience Nokia's VRRP is simpler to configure and more robust than Stonebeat. This is not to say Nokia is the way to go, in our particular situation it made sense, but if you're comparing to Sun, either way you're looking at pretty hefty dollars. On the Linux side, if I recall correctly the only supported distro was Redhat, so if you're considering going that route, make sure you implement as many OS security measures as possible. You definitely want a minimal install, followed by some hardening scripts -- you might give Bastille a try: http://www.bastille-linux.org --shawn -- s h a w n m o y e r shawn () net-connect net Man will occasionally stumble over the truth, but most of the time he will pick himself up and continue on. -- Churchill _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Firewall-1 platforms David Lang (Mar 04)
- <Possible follow-ups>
- RE: Firewall-1 platforms Kalat, Andrew (ISS Atlanta) (Mar 05)
- Re: Firewall-1 platforms Darren Reed (Mar 05)
- Re: Firewall-1 platforms Shaun Moran (Mar 06)
- Re: Firewall-1 platforms Darren Reed (Mar 05)
- RE: Firewall-1 platforms Smith, Gary (SCOTAM) (Mar 06)
- Re: RE: Firewall-1 platforms David Lang (Mar 07)
- RE: RE: Firewall-1 platforms Kalat, Andrew (ISS Atlanta) (Mar 06)
- Re: RE: Firewall-1 platforms Darren Reed (Mar 07)
- Re: RE: Firewall-1 platforms shawn . moyer (Mar 07)
- RE: RE: Firewall-1 platforms Joe Ippolito (Mar 07)
- RE: RE: Firewall-1 platforms Chuck Fasching (Mar 07)
- RE: RE: Firewall-1 platforms Kalat, Andrew (ISS Atlanta) (Mar 07)
- Re: RE: Firewall-1 platforms shawn . moyer (Mar 07)
- Re: RE: Firewall-1 platforms Barney Wolff (Mar 09)
- Re: RE: Firewall-1 platforms shawn . moyer (Mar 09)
- Re: RE: Firewall-1 platforms Barney Wolff (Mar 09)
- Re: RE: Firewall-1 platforms shawn . moyer (Mar 09)
- Re: RE: Firewall-1 platforms Barney Wolff (Mar 09)
- Message not available
- Re: Firewall-1 platforms (end of thread, I hope.) shawn . moyer (Mar 09)
- Re: RE: Firewall-1 platforms shawn . moyer (Mar 07)