Re: [fw-wiz] Firewalls & multicast- what's the choice?
- From: "Marcus J. Ranum" <mjr@xxxxxxxxx>
- Date: Tue, 01 Aug 2006 10:16:00 -0400
Bob Arthurs wrote:
my company is going to build three new data centers and we are considering
The firewalls need to be able to forward quite high volumes of mulitcast and
interact with **PIM router** (cisco router). Traffic volumes are at least
10s of Mbps (including unicast traffic), maybe 100s, maybe 1Gbps!
Other than that it be a "firewall" do you have anything in mind vis-a-vis
the security properties you expect from the device? Do you want URL
filtering? Attack signature-checking and blocking? Shared state failover?
Layer 7 protocol verification?
For what it's worth, there are plenty of firewalls that "handle" multicast
by simply letting it zip through. I don't know of any that do anything
especially useful above { source, dest, s_port, d_port } screening.
So if you're looking for that, you may as well just use a router. Maybe
put a big sticker on it that reads "FIREWALL" so your management
will be happy with it. ;)
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Follow-Ups:
- Re: [fw-wiz] Firewalls & multicast- what's the choice?
- From: Gumennik, Mark
- Re: [fw-wiz] Firewalls & multicast- what's the choice?
- References:
- [fw-wiz] Firewalls & multicast- what's the choice?
- From: Bob Arthurs
- [fw-wiz] Firewalls & multicast- what's the choice?
- Prev by Date: Re: [fw-wiz] Firewalls & multicast- what's the choice?
- Next by Date: [fw-wiz] Recamendations on firewalls
- Previous by thread: Re: [fw-wiz] Firewalls & multicast- what's the choice?
- Next by thread: Re: [fw-wiz] Firewalls & multicast- what's the choice?
- Index(es):
