[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: IP Filters?
From:       Anton J Aylward <anton () the-wire ! com>
Date:       1997-07-04 6:57:34
[Download RAW message or body]

At 05:28 PM 03/07/97 -0400, Nick Simicich wrote:
## Reply Start ##

>One client reported enormous degredation on high volume applications with
>even one filter rule.
>
>On Thu, 3 Jul 1997, Fernando da Silveira Montenegro wrote:
>
>> 
>> What seems to be the general consensus on how many filtering rules one can
>> configure on a router without imposing a noticeable performance penalty:
>> 10? 50? 100?

Have a look th the Network Systems BorderGuard series of routers.
They were designed as security filters, use Andrew Molitor's advanced
filter language, and DON'T DEGRADE as the filters are applied.

/anton

## Reply End ##
--------------------------------------------------------------------------
Anton J Aylward                  | Security is not something that comes in 
The Strahn & Strachan Group Inc  | a self-contained box. It is an attribute 
Information Security Consultants | of how you do business and as such 
Voice: (416) 494-8661            | needs to be managed carefully.
  Fax: (416) 494-8803            |      - Karen Goertzel, Wang Federal Inc.

[prev in list] [next in list] [prev in thread] [next in thread]