Great Circle Associates Firewalls
(September 1994)
 


Subject: Speed of Firewalls
From: "KEVIN_T._LIKES"@IMA.ISD.STATE.IN.US
Date: Thu, 22 Sep 1994 09:21:56 -0500
To: firewalls @ greatcircle . com

I'm looking into implementing a firewall for our organization.  I've gotten a 
lot of useful information from this mailing list, as well as from the firewalls 
book and other net sources.  I've realized of late that there are a couple of 
requirements we have that I haven't seen much talked about.  

The first item is the speed of traffic through the firewall.  My manager would 
like us to design the firewall to be capable of passing about an ethernet's 
worth of traffic, the idea of course being to plan for future capacity now.  If 
we were just doing packet screening, this would be fairly simple (as far as I 
can tell), but we need an application gateway that can handle PC-based 
applications which are not necessarily designed to be used through a firewall.  
I realize that this is probably unrealistic, but we do want to get as much speed
as possible.

Another concern is the user interface.  We have a large number of users who are 
not technically sophisticated and are used to having GUI interfaces for 
everything.  A lot of firewall solutions I have seen involved the user 
telnetting to one host, and getting out from there with a text based interface. 
Can the firewall machine intercept the traffic and pass it on in a way which is 
transparent to these users?

The configuration we will be using will look something like the Plan B setup in 
the Firewalls book.  That is, screening routers on either side of a dual-homed 
gateway host.  We want to allow outward access to HTTP, NNTP, Telnet, Gopher, 
and FTP.  Incoming, we would allow only Telnet and FTP with authentication.

My big concerns are what hardware/OS to use for the gateway host, and what 
firewall software would fit into our plans.  We really need off-the-shelf 
solutions, because we don't have the in house manpower to do the development.

Any information you can give me would be appreciated.

Kevin T. Likes

email: Kevin_T . _Likes @ ima . isd . state . in . us
       klikes @ ideanet . doe . state . in . us .

phone: (317) 233-0521
fax:   (317) 232-0748

100 N. Senate Avenue Room N551
Indianapolis, IN  46204
