Yes, there are switches with firewall features. Alteon ACEDirector 2 is one
which not only does layer 3 load balancing, but also layer 3 packet filters,
which can be applied to particular physical ports on the switch. The filters
include ACK matching (the equivalent of the Cisco "established" flag), as well
as protocol, src/dest port and IP's - just what you'd expect. It further
secures load-balanced services by forbidding access to the real servers behind
the VIP setup in the switch. Alteon has several other switches which
load-balance and packet-filter up to Gigabit speeds. The Alteon switches can
also redirect layer 3 traffic to some other server, for transparent proxies,
but also you could use it to send an intruder to a sandbox.
Foundry ServerIron is getting packet filters, too (but too late for our
evaluation).
www.alteon-networks.com
www.foundrynet.com
There are probably others.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of jen
> Sent: Thursday, May 06, 1999 3:35 PM
> To: [EMAIL PROTECTED]
> Subject: Switch level firewalls?
>
>
> Now that routing is moving to the switch level (layer 3 switching), are
> there also attempts at putting firewall features into switches? I'm
> thinking of firewalls to separate internal networks from each other, in
> addition to protecting from outside intruders. Sometimes it's not even
> a security issue in research labs ... we often just want to try weird
> things.
>
> Jen
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
