This is a discussion on Re: [fw-wiz] Info Request: Looking for alternatives in HA/Load - Firewalls
At 04:24 AM 5/4/06, Keith A. Glass wrote:
>We're currently spec'ing functional requirements for a new web-based
>implementation of a number of enterprise apps. One obvious problem is
>...
I'm wondering, if it's a "new web-based implementation",
why you need an L3 firewall?
I'd have thought a simple stateless filter rule that allows
web access, but denies the rest, would suffice.
The state kept by the SLB fixes returned packets by only
NATing valid session traffic.
I know a couple of old AD3/4 used for both SLB and filtering
can easily support a few Gb of traffic;
I'd imagine newer boxen from all the vendors would do better.
My contrary view is that the firewalls don't belong out-front,
but should live deeper in a layered architecture ...
.... defense-in-depth means multiple choke points,
not just a single perimeter barrier.
pjc
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards