Re: [fw-wiz] Real Traffic Testing

From: Luca Berra (bluca_at_comedia.it)
Date: 10/26/03

  • Next message: Luke Butcher: "Re: [fw-wiz] One Time Password Tokens"
    To: Firewall-Wizards <firewall-wizards@honor.icsalabs.com>
    Date: Sun, 26 Oct 2003 15:37:38 +0100
    
    

    Gianpiero Porchia wrote:
    > Hi,
    >
    > We are evaluating a new firewall technology. Instead of testing it in a lab,
    > we would like to test it in a production environment. The idea should be the
    > following:
    >
    > - Get the production traffic (for example using TAPs)
    > - Send the traffic to the new firewall
    > - Look at the firewall behaviour

    it might work only if:
    - FW and FW-test are only dumb packet filters
    or
    - FW and FW-test are guaranteed to behave in the same way when mangling
    packets

    but then it might not.... i believe the lab option will give you less
    headaches.

    > The problems:
    > - The traffic is directed to the MAC address of FW, so FW-test will drop it;
    you have to change the mac-address of FW-test to match FW

    -- 
    Luca Berra -- bluca@comedia.it
     /"\
     \ /     ASCII RIBBON CAMPAIGN
      X        AGAINST HTML MAIL
     / \
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Luke Butcher: "Re: [fw-wiz] One Time Password Tokens"

    Relevant Pages

    • Re: How to access the host behind the Firewall
      ... positions when pressured to give access to untrained personnel. ... I am not familiar with the firewall, so maybe this problem is not ... From the host in the lab I can browse internet, ...
      (comp.security.firewalls)
    • Odd SonicWall behavior
      ... firewall for it and some of the other computers in the lab. ... but around a week ago the campus's network admin contacted us and said ... Since keeping the webserver up is the lab director's primary ...
      (Security-Basics)
    • Re: Odd SonicWall behavior
      ... They have a webserver with some sort of vaguely sensitive ... > firewall for it and some of the other computers in the lab. ... > but around a week ago the campus's network admin contacted us and said ...
      (Security-Basics)
    • How to access the host behind the Firewall
      ... I am not familiar with the firewall, so maybe this problem is not ... My situation is somewhat like this: I have a hostin the lab ... From the host in the lab I can browse internet, ... from the host in Lab) I will send commands to the client through the server ...
      (comp.security.firewalls)
    • Re: Stupid question
      ... I have never worked with SSH but need to ramp up fast (e.g. over the ... firewall and want to set up a little lab to find out what is/isn't ...
      (comp.security.ssh)