-----Original Message-----
are also scalable and modular. . .

> We're currently spec'ing functional requirements for a new web-based

implementation of a
> number of enterprise apps. One obvious problem is the firewall system: it

needs to be both
> load-balancing and high-availability, AND scalable. We're still getting a

feel for
> potential traffic, but we expect to have a requirement for in-line

expansion of the system
> while remaining online.

Sounds like a big firewall. I'm curious, though, as to why load-balancing
is a requirement. My experience has been that an appropriately-sized single
firewall as part of a fail-over pair is more reliable and performs better
than a comparable load-balanced firewall.

> One of the obvious candidates is the Nortel Alteon platform, but that
> also limits us to FW-1. We're nowhere close to downselect on a
> platform or a firewall, but I'm looking for alternative platforms to start

getting info on,
> so we can make sure the requirements we develop can actually be

IMPLEMENTED in reality. . .

If it were me, I'd look at SPLAT with ClusterXL over Alteon. You'll lay out
some dough for load-balancing with ClusterXL, but at least the hardware can
be (relatively) cheap.

The only other firewall vendor I can think of that does (or at least claims
to do) load-balancing is Symantec Enterprise Firewall. However, you may
also want to look at third-party load-balancing solutions like Radware
FireProof or Foundry ServerIron.


firewall-wizards mailing list