Re: [fw-wiz] Firewalls that generate new packets..

Dave Piscitello wrote:
I really would like to see a thorough analysis of the performance of an application layer policy enforcement using strictly stateful inspection techniques versus the same policy enforced using strictly proxy techniques.

It's pointless, Dave. "stateful inspection firewalls" ought to consistently
perform about as fast as routers. Because that's pretty much what they
are. Something that does any layer-7 analysis will always be slower
than something that does nothing more than table lookup and a
sequence number check.


firewall-wizards mailing list