Re: [fw-wiz] 10Gb Firewalls

Cisco Catalyst 6500 with two FWSM's should do it for you, with two more FWS=
M's it can handle 20Gbps (supposedly). Product overview:

[url]http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps4452/prod_bulle=[/url]
tin0900aecd80630a8e_ps2706_Products_Bulletin.html

"The FWSM for Cisco Catalyst=AE 6500 Series Switches and Cisco 7600 Series =
Routers is a high-performance, integrated stateful inspection firewall with=
application and protocol inspection engines, providing 5.5 Gbps of through=
put; 100,000 connections per second; and one million concurrent connections=
.."

Ask your vendor for a demo unit to test with to see if it meets your needs.=
I've got three of them (cat 6500s), and love them dearly, but I have done=
no throughput tests.

--Patrick Darden


-----Original Message-----
From: [email]firewall-wizards-bounces@listserv.icsalabs.com[/email]
[mailto:firewall-wizards-bounces@listserv.icsalabs.com]On Behalf Of
Kerry Milestone
Sent: Tuesday, April 29, 2008 4:36 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] 10Gb Firewalls


Hello kind Wizards,

I am investigating the possibilities of putting a firewall on the end of =

a 10Gb link. I'd like to be able to inspect at 10Gb wirespeed. As this =

is a scoping project (though it _has_ to happen due to the nature of =

projects in the institute), cost is not the main issue. I've come =

across the Nortel Switched Firewall 6000, however this 'only' does 6Gb =

throughput.

Alternatively, we have several firewalls which work at 1Gb and are =

wondering if its a better to chanelize [sic] and put say 10 firewalls =

each dealing with different traffic. In coming years, IP based VPN's to =

other sites will become more used - and more 10Gb links to site perhaps =

building up to a 40Gb WAN backbone. We currently have an IDS which will =

can handle this much volume.

The next question, is extending the SAN. If using iSCSI, is it better =

to leave this traffic off the firewall and just route it through, say a =

GRE tunnel without encryption?

Would be keen to hear any thoughts on the theory of what I want to do. =

Implementation is not so difficult, really after some 'best practices' =

thoughts.


Many thanks,
Kerry.




-- =

The Wellcome Trust Sanger Institute is operated by Genome Research =

Limited, a charity registered in England with number 1021457 and a =

company registered in England with number 2742969, whose registered =

office is 215 Euston Road, London, NW1 2BE. =

_______________________________________________
firewall-wizards mailing list
[email]firewall-wizards@listserv.icsalabs.com[/email]
[url]https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards[/url]
_______________________________________________
firewall-wizards mailing list
[email]firewall-wizards@listserv.icsalabs.com[/email]
[url]https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards[/url]