Re: [fw-wiz] 10Gb Firewalls

Palo alto seems to have a pretty fast firewall.
http://www.paloaltonetworks.com/products/pa4000.html

They're not bad, you should take a look and see if it fits your setup.
One thing they lack right now is VPN capabilities, but they are working on it.


frank

On Tue, Apr 29, 2008 at 3:36 AM, Kerry Milestone <km4@xxxxxxxxxxxx> wrote:
Hello kind Wizards,

I am investigating the possibilities of putting a firewall on the end of a
10Gb link. I'd like to be able to inspect at 10Gb wirespeed. As this is a
scoping project (though it _has_ to happen due to the nature of projects in
the institute), cost is not the main issue. I've come across the Nortel
Switched Firewall 6000, however this 'only' does 6Gb throughput.

Alternatively, we have several firewalls which work at 1Gb and are
wondering if its a better to chanelize [sic] and put say 10 firewalls each
dealing with different traffic. In coming years, IP based VPN's to other
sites will become more used - and more 10Gb links to site perhaps building
up to a 40Gb WAN backbone. We currently have an IDS which will can handle
this much volume.

The next question, is extending the SAN. If using iSCSI, is it better to
leave this traffic off the firewall and just route it through, say a GRE
tunnel without encryption?

Would be keen to hear any thoughts on the theory of what I want to do.
Implementation is not so difficult, really after some 'best practices'
thoughts.


Many thanks,
Kerry.




--
The Wellcome Trust Sanger Institute is operated by Genome Research Limited,
a charity registered in England with number 1021457 and a company registered
in England with number 2742969, whose registered office is 215 Euston Road,
London, NW1 2BE. _______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked. — White House Cybersecurity
Advisor, Richard Clarke
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: [fw-wiz] 10Gb Firewalls
    ... I am investigating the possibilities of putting a firewall on the end of ... is a scoping project (though it _has_ to happen due to the nature of ... The Wellcome Trust Sanger Institute is operated by Genome Research ... company registered in England with number 2742969, ...
    (Firewall-Wizards)
  • Re: [fw-wiz] 10Gb Firewalls
    ... I am investigating the possibilities of putting a firewall on the end of ... is a scoping project (though it _has_ to happen due to the nature of ... The Wellcome Trust Sanger Institute is operated by Genome Research ... company registered in England with number 2742969, ...
    (Firewall-Wizards)
  • Re: [fw-wiz] 10Gb Firewalls
    ... traffic through a firewall would be a serious negative in my opinion. ... The Wellcome Trust Sanger Institute is operated by Genome Research ... company registered in England with number 2742969, ... "Some things are eternal by nature, ...
    (Firewall-Wizards)
  • [fw-wiz] 10Gb Firewalls
    ... As this is a scoping project, cost is not the main issue. ... I've come across the Nortel Switched Firewall 6000, however this 'only' does 6Gb throughput. ... The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. ...
    (Firewall-Wizards)
  • [fw-wiz] NetScreen Logging with NSRP
    ... passive/active firewall setup with NSRP. ... The Wellcome Trust Sanger Institute is operated by Genome Research ... company registered in England with number 2742969, ...
    (Firewall-Wizards)