Has anyone implemented a firewall on a SOLARIS x86 platform with
multiple DMZ's? Did it work (and is it still working?)
My application is to firewall a handfull of networks with a low total
data througput but I must pass multicast traffic through the firewall.
I need to support 5-6 ethernet interfaces but only 500 Kbps - 1.5 Mbps
total system throughput.
Rummor has it that a Pentium 200 running SOLARI x86 2.5.1 will
outperform
a SPARCStation 5. But a SPARCStation 5 can have 9 ethernet interfaces
(motherboard + 2 quad cards) while a Pentium usually has a limited
number
of free slots. (I know about specialty motherboards but am trying to
stick
to a "common" platform.)
The firewall vendors say that a SPARC 5 has plenty of power for lots of
interfaces with low traffic loads.
It seems easier, safer and cheaper to add some more interfaces once you
have a 3 interface base. Adding a router with a few interfaces in the
DMZ would work, but it seems like a less secure and more expensive
solution
for a couple additional lines with such low loads (and very few nodes on
each link).
Can anyone comment on or tell war stories about multiple DMZ systems,
especially using Raptor or Checkpoint?
Thanks in advance,
Adam
--
Adam Safier asafier @
csc .
com
CSC-SED-Infosec (301) 794-1349
Technology Abuse: Netscape Frames on a 14" screen.
The above are my own opinions,
and I'm proud to live in a country where I'm free to express them!
|
|
