[fw-wiz] Real Traffic Testing
From: Gianpiero Porchia (gianpiero.porchia_at_atsweb.it)
Date: 10/24/03
- Previous message: Sloane, David: "RE: [fw-wiz] (no subject)"
- Next in thread: John Adams: "Re: [fw-wiz] Real Traffic Testing"
- Reply: John Adams: "Re: [fw-wiz] Real Traffic Testing"
- Reply: Luca Berra: "Re: [fw-wiz] Real Traffic Testing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Firewall-Wizards" <firewall-wizards@honor.icsalabs.com> Date: Fri, 24 Oct 2003 10:10:30 +0200
Hi,
We are evaluating a new firewall technology. Instead of testing it in a lab,
we would like to test it in a production environment. The idea should be the
following:
- Get the production traffic (for example using TAPs)
- Send the traffic to the new firewall
- Look at the firewall behaviour
The schema should be:
OUTSIDE
|
|TAP-1
+-----------------------
| |
--------- ----------
| FW | | FW-test|
--------- ----------
| |
|TAP-2 |
+-----------------------
|
|
INSIDE
- Get traffic from OUTSIDE to INSIDE using TAP-1
- Get traffic from INSIDE to OUTSIDE using TAP-2
The objectives (ie why we want to use production traffic):
- Testing FW-test for performance (looking at its resources) in OUR real
world environment;
- Testing FW-test for configuration. Looking at log files we want to get the
identical configuration of FW, so we can switch to FW-test with minimal
troubles.
The problems:
- The traffic is directed to the MAC address of FW, so FW-test will drop it;
- The traffic passing through the TAPs is function of the configuration of
FW (but it's a minor problem, since we pretend to have the same
configuration on FW-test);
Have you some idea to get the objectives?
Thanks.
- gian
_____
Ing. Gianpiero Porchia
Security Engineer
ATS - Advanced Telecom Systems
Designing, Testing, Managing Network Quality
Via Salgari, 17 - 41100 Modena - ITALY
Tel +39 059 821332
Fax +39 059 821492
Cel +39 335 330413
E-mail: gianpiero.porchia@atsweb.it
messenger.msn.com: http://messenger.msn.com/, gianpiero.porchia@atsweb.it
Web site: http://www.atsweb.it
PGP Key ID: 0xCAE064A4 (pgpkeys.mit.edu:11371)
Fingerprint: 080D AD88 C18A FCA3 91BC 0DF2 F05F 7489 CAE0 64A4
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Sloane, David: "RE: [fw-wiz] (no subject)"
- Next in thread: John Adams: "Re: [fw-wiz] Real Traffic Testing"
- Reply: John Adams: "Re: [fw-wiz] Real Traffic Testing"
- Reply: Luca Berra: "Re: [fw-wiz] Real Traffic Testing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
