Re: [fw-wiz] Real Traffic Testing

From: Luca Berra (
Date: 10/26/03

  • Next message: Luke Butcher: "Re: [fw-wiz] One Time Password Tokens"
    To: Firewall-Wizards <>
    Date: Sun, 26 Oct 2003 15:37:38 +0100

    Gianpiero Porchia wrote:
    > Hi,
    > We are evaluating a new firewall technology. Instead of testing it in a lab,
    > we would like to test it in a production environment. The idea should be the
    > following:
    > - Get the production traffic (for example using TAPs)
    > - Send the traffic to the new firewall
    > - Look at the firewall behaviour

    it might work only if:
    - FW and FW-test are only dumb packet filters
    - FW and FW-test are guaranteed to behave in the same way when mangling

    but then it might not.... i believe the lab option will give you less

    > The problems:
    > - The traffic is directed to the MAC address of FW, so FW-test will drop it;
    you have to change the mac-address of FW-test to match FW

    Luca Berra --
      X        AGAINST HTML MAIL
     / \
    firewall-wizards mailing list

  • Next message: Luke Butcher: "Re: [fw-wiz] One Time Password Tokens"