Re: [fw-wiz] Firewalls & multicast- what's the choice?

Bob Arthurs wrote:
my company is going to build three new data centers and we are considering
The firewalls need to be able to forward quite high volumes of mulitcast and
interact with **PIM router** (cisco router). Traffic volumes are at least
10s of Mbps (including unicast traffic), maybe 100s, maybe 1Gbps!

Other than that it be a "firewall" do you have anything in mind vis-a-vis
the security properties you expect from the device? Do you want URL
filtering? Attack signature-checking and blocking? Shared state failover?
Layer 7 protocol verification?

For what it's worth, there are plenty of firewalls that "handle" multicast
by simply letting it zip through. I don't know of any that do anything
especially useful above { source, dest, s_port, d_port } screening.
So if you're looking for that, you may as well just use a router. Maybe
put a big sticker on it that reads "FIREWALL" so your management
will be happy with it. ;)


firewall-wizards mailing list