Firewall Wizards mailing list archives
Re: Info Request: Looking for alternatives in HA/Load balancing firewalls ...
From: "Peter J. Cherny" <peterc () luddite com au>
Date: Thu, 13 Apr 2006 23:39:04 +1000
At 04:24 AM 5/4/06, Keith A. Glass wrote:
We're currently spec'ing functional requirements for a new web-based implementation of a number of enterprise apps. One obvious problem is...
I'm wondering, if it's a "new web-based implementation", why you need an L3 firewall? I'd have thought a simple stateless filter rule that allows web access, but denies the rest, would suffice. The state kept by the SLB fixes returned packets by only NATing valid session traffic.

I know a couple of old AD3/4 used for both SLB and filtering can easily support a few Gb of traffic, I'd imagine newer boxen from all the vendors would do better.

My contrary view is that the firewalls don't belong out-front, but should live deeper in a layered architecture ...
... defense-in-depth means multiple choke points, not just a single perimeter barrier.

pjc

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards