Hi Cedric,
Thanks for the reply. I agree that the L4 appliances will do a good job,
I'm particularly impressed by Alteon and Radware. Of course I hate to
see you buy them since they are the competition :-)
VLAN'ing for security is an interesting concept, but it's always made me
nervous because of the potential for accidental misconfiguration or a
hack against the switch itself (e.g. the recent Cisco buffer overflow
mentioned on bugtraq). If the switch security is ever comprised, you
might as well not have a firewall between the VLAN'd nets. To each his
own, of course.
Thanks again,
Jack
Cedric Amand wrote:
>
> Hello Jack,
>
> JC> Hardware boxes will be fast and will do a good job of load-balancing.
> JC> They'll also be expensive because they need to go all over the place
> JC> (sandwiching in multiple dimensions).
>
> RadWARE fireproof load balancers are doing a good job. They can also
> be configured in VLANs, reducing the need of mulitple boxes for
> simple configurations. The load balancing is done in multiple ways.
> They only have 4 fast ethernets. They cost about $20,000.
> You need two of them minimum.
>
> Alteon switches are about the same price, but you need four of them in
> even the simplest configuration. They support gigabit ethernet tough.
> The laoc balancing is done on the couple "IP source - IP dest". This
> lod balancing doesn't satisfy me (dangerous in case of attack, doesn't
> take into account that entire providers appear as their tranparent
> proxy's IP these days, ...)
>
> After weeks of evaluation I think RadWARE products have some decisive
> advantages over other solutions like foundry or Alteon. I rejected
> Foundry because of TCP bugs causing trivial prediction sequence (that
> were fixed since then I think.) The main problem with RadWARE could be
> that the hardware is rather old, but new platforms are on the way.
>
> We'll be using fast ethernet then gigabit ethernet RadWARE load
> balancers in front of a farm of Sun Enterprise 220 with CKP FW1.
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
--
Jack Coates, Rainfinity SE
e: [EMAIL PROTECTED]
t: 650-962-5301
m: 650-280-4376
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
