[fw-wiz] Real Traffic Testing

From: Gianpiero Porchia (gianpiero.porchia_at_atsweb.it)
Date: 10/24/03

  • Next message: Melson, Paul: "RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC"
    To: "Firewall-Wizards" <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 24 Oct 2003 10:10:30 +0200
    
    

    Hi,

    We are evaluating a new firewall technology. Instead of testing it in a lab,
    we would like to test it in a production environment. The idea should be the
    following:

    - Get the production traffic (for example using TAPs)
    - Send the traffic to the new firewall
    - Look at the firewall behaviour

    The schema should be:

             OUTSIDE
                    |
                    |TAP-1
                    +-----------------------
                    | |
              --------- ----------
              | FW | | FW-test|
              --------- ----------
                | |
                |TAP-2 |
                +-----------------------
                |
                |
             INSIDE

    - Get traffic from OUTSIDE to INSIDE using TAP-1
    - Get traffic from INSIDE to OUTSIDE using TAP-2

    The objectives (ie why we want to use production traffic):
    - Testing FW-test for performance (looking at its resources) in OUR real
    world environment;
    - Testing FW-test for configuration. Looking at log files we want to get the
    identical configuration of FW, so we can switch to FW-test with minimal
    troubles.

    The problems:
    - The traffic is directed to the MAC address of FW, so FW-test will drop it;
    - The traffic passing through the TAPs is function of the configuration of
    FW (but it's a minor problem, since we pretend to have the same
    configuration on FW-test);

    Have you some idea to get the objectives?

    Thanks.

    - gian
    _____

    Ing. Gianpiero Porchia
    Security Engineer

    ATS - Advanced Telecom Systems
    Designing, Testing, Managing Network Quality

    Via Salgari, 17 - 41100 Modena - ITALY
    Tel +39 059 821332
    Fax +39 059 821492
    Cel +39 335 330413
    E-mail: gianpiero.porchia@atsweb.it
    messenger.msn.com: http://messenger.msn.com/, gianpiero.porchia@atsweb.it
    Web site: http://www.atsweb.it

    PGP Key ID: 0xCAE064A4 (pgpkeys.mit.edu:11371)
    Fingerprint: 080D AD88 C18A FCA3 91BC 0DF2 F05F 7489 CAE0 64A4

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Melson, Paul: "RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC"