High-Availability FW/VPN for Data Centers
Joe Ippolito
joe at JOESNET.COM
Mon Mar 12 10:29:48 EST 2001
We have successfully deployed a primarily VPN-based WAN connecting 59 sites
in a very large manufacturing company. The push now is to move
line-of-business applications to three data centers, one in the US, one in
Europe and one in Asia. The data centers will have multiple T3/E3 circuits
to two major providers. We wish to change the FW/VPN platform that we
currently use due to an occasional NDIS buffer overflow problem that requires a
re-boot. Hardware for almost all of our firewalls is aging and is due for
refresh.
Some of the requirements are:
Secure Internet firewalls.
High availability - a single hardware failure cannot cause a loss of
connectivity.
High throughput - up to 90 Mbits/sec of IPSec 3DES encryption.
Global management - A single database of network definitions, rulebases, etc.
for over 100 firewalls/VPN devices.
Desirable:
Quality of service so that the transfer of very large CAD files to/from data
centers cannot easily slow down time-sensitive ERP interactive sessions.
Products currently being considered:
Firewall-1/VPN-1 CP HA on Linux and Provider-10
Nokia Fw1/VPN1, VRRP and Provider-10
Cisco Pix and CSPM
MS ISA, Win 2K L2TP/IPSec, NLB, MMC
I do not give the fourth option much chance due to a low level of experience,
but pricing makes it an alternative that I would like to keep in the
analysis for reference.
I would like to get your opinions on the options I have described above for
my initial presentation to my management.
Thank you in advance for your valued input.