Re: [fw-wiz] Info Request: Looking for alternatives in HA/Load balancing firewalls ...
- From: "Peter J. Cherny" <peterc@xxxxxxxxxxxxxx>
- Date: Thu, 13 Apr 2006 23:39:04 +1000
At 04:24 AM 5/4/06, Keith A. Glass wrote:
> We're currently spec'ing functional requirements for a new web-based implementation of a number of enterprise apps. One obvious problem is
> ...
I'm wondering, if it's a "new web-based implementation",
why you need an L3 firewall?
I'd have thought a simple stateless filter rule that allows
web access, but denies the rest, would suffice.
The state kept by the SLB fixes returned packets by only
NATing valid session traffic.
I know a couple of old AD3/4 used for both SLB and filtering
can easily support a few Gb of traffic,
I'd imagine newer boxen from all the vendors would do better.
My contrary view is that the firewalls don't belong out-front,
but should live deeper in a layered architecture ...
... defense-in-depth means multiple choke points,
not just a single perimeter barrier.
pjc
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
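
The design described in the message above, as an added example that is not part of the original post: a simplified Python model of a stateless web-only filter rule combined with an SLB that NATs return packets only for sessions it has seen. The addresses, the `Packet` and `LoadBalancer` names, and the round-robin selection are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed values for illustration (documentation / private ranges).
VIP = "203.0.113.10"
REAL_SERVERS = ["10.0.0.11", "10.0.0.12"]
WEB_PORTS = {80, 443}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def stateless_permit(pkt):
    """Stateless rule: allow traffic to the VIP on web ports, deny the rest."""
    return pkt.dst == VIP and pkt.dport in WEB_PORTS

class LoadBalancer:
    """Hypothetical SLB model: keeps a session table and NATs only matching traffic."""
    def __init__(self):
        self.sessions = {}  # (client ip, client port, service port) -> real server
        self._next = 0

    def inbound(self, pkt):
        if not stateless_permit(pkt):
            return None  # dropped by the filter rule, no state created
        key = (pkt.src, pkt.sport, pkt.dport)
        if key not in self.sessions:  # new session: pick a server round-robin
            self.sessions[key] = REAL_SERVERS[self._next % len(REAL_SERVERS)]
            self._next += 1
        return Packet(pkt.src, pkt.sport, self.sessions[key], pkt.dport)

    def outbound(self, pkt):
        # Return traffic is rewritten to the VIP only if it matches a session.
        key = (pkt.dst, pkt.dport, pkt.sport)
        if self.sessions.get(key) != pkt.src:
            return None  # no valid session: not NATed, so not forwarded
        return Packet(VIP, pkt.sport, pkt.dst, pkt.dport)
```

In this model a server-originated packet that matches no session is never translated, which is the property the message relies on; anything else leaving the server tier still needs its own control deeper in the architecture.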