The purpose of a security device is to protect a network, not to be fast.
Fast is what airline travelers want when passing through airport security,
secure is what they want when they tumble through the air after their plane
Packet filtering (State-based or not) is akin to just checking a persons' ID
and itinerary, and not x-raying their luggage.
P.S - If your customer has the equivalent of an amusement park he he wants
customer throughput (money), and may not need airport-level security, so 'ID
and destination' level security may be 'good enough'. None of my customers
are amusement park equivalent.
At 04:08 AM 6/11/97 +1000, proff @
>Store and forward is the bane of the networking world. Let us compare the SPS
>As you can see, the SPF thrashes the proxy resoundly, its destination
>being able to process the first 100 bytes at 400ms, while the
>proxy's sits on its hands till 800ms. The SPF destination is able
>to process the last 100 bytes at 600ms - a full 200 ms (or better,
>depending on processing latecy in the destination for the first
>200 bytes) before the proxy network.
>Prof. Julian Assange |If you want to build a ship, don't drum up people
> |together to collect wood and don't assign them tasks
org |and work, but rather teach them to long for the endless
edu |immensity of the sea. -- Antoine de Saint Exupery