> You should check out the NSC DX/E.
This may be my fault for loosely throwing around the term "firewall".
But we don't want to rely on packet filters to make sure that it's
really their CRAY talking to our CRAY. We have no assurance that their
CRAY hasn't been compromised by bad guys, and even if it hasn't,
everybody here knows by now that source addresses on packets can be forged.
So speed of the router is not where we're going to fall down. Our
external connections will have to log in through a gateway machine,
probably running the TIS proxies, so we can use a strong authentication
scheme to make sure that someone claiming to be one of our remote users
really is that person. So we need an application gateway, not a
router, that can pass packets at faster-than-T1 speeds.