An application gateway firewall based on Linux - ITShield firewall


Post by Viv » Fri, 06 Jun 2003 01:46:47



ITShield Networks Inc. (http://www.itshield.com) released ITShield firewall,
a transparent application gateway firewall based on Linux. It can handle
more than 5000 TCP sessions, unlimited UDP sessions, and unlimited IP
sessions at application-level in parallel. It supports IPSEC VPN, PPTP VPN,
remote administration, and user authentication. It is very easy to install
and configure.

It supports Sun 64-bit machines as well as Intel compatible machines.

 
 
 


Post by Peteris Krumin » Fri, 06 Jun 2003 05:35:33




> ITShield Networks Inc. (http://www.itshield.com) released ITShield
> firewall, a transparent application gateway firewall based on Linux.
> It can handle more than 5000 TCP sessions, unlimited UDP sessions, and
> unlimited IP sessions at application-level in parallel. It supports
> IPSEC VPN, PPTP VPN, remote administration, and user authentication.
> It is very easy to install and configure.

> It supports Sun 64-bit machines as well as Intel compatible machines.

I'd rather test it in my test environment; does it support gigabit
ethernet? If not, I don't think I will be willing to test it anymore.

Also, how intensively did you test it that you state it is able to handle
more than 5000 TCP sessions?

P.Krumins

 
 
 


Post by Viv » Fri, 06 Jun 2003 07:15:09


Yes, it supports some gigabit ethernet cards. But if your main concern is
speed instead of security, you ought to go with a Stateful-Inspection
firewall.

In order to test the firewall's availability and its capability of handling
high-volume traffic, we used a tool which can issue about 1000 concurrent
http, ftp and telnet requests to some different servers through
the firewall, and ran it on several machines. From fwadmin, a GUI tool to
manage the firewall, we saw the number of concurrent sessions reach 3000.
According to the design, the number of concurrent TCP sessions can be more than 5000.

You may not believe it, because in the normal case:
    1. 300 processes running in a UNIX system make the system very, very slow;
    2. In a Linux system there is a maximum number of threads in a process, which is 1024;
    3. There is a limit on the number of file descriptors a process can create. The default is 1024;
    4. The maximum file descriptor value select() can handle is 1023.

Our developers modified the kernel, and adopted some special technologies so
that the firewall can handle more than 5000 TCP sessions, unlimited UDP
sessions, and unlimited IP sessions at application-level.

If you use it, you will find out the firewall can do many things that you
have never imagined.

Regards,

Viv




> > ITShield Networks Inc. (http://www.itshield.com) released ITShield
> > firewall, a transparent application gateway firewall based on Linux.
> > It can handle more than 5000 TCP sessions, unlimited UDP sessions, and
> > unlimited IP sessions at application-level in parallel. It supports
> > IPSEC VPN, PPTP VPN, remote administration, and user authentication.
> > It is very easy to install and configure.

> > It supports Sun 64-bit machines as well as Intel compatible machines.

> I'd rather test it in my test environment; does it support gigabit
> ethernet? If not, I don't think I will be willing to test it anymore.

> Also, how intensively did you test it that you state it is able to handle
> more than 5000 TCP sessions?

> P.Krumins
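The per-process descriptor limit and the select() ceiling listed in the post above can be checked directly. This is an added example, not part of the original thread and not ITShield's code: it guards select() against descriptor numbers at or above FD_SETSIZE, raises the soft RLIMIT_NOFILE, and waits on a high-numbered descriptor with poll(). The function names and the 4096 target are assumptions chosen for illustration.

```c
#include <fcntl.h>
#include <limits.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* FD_SET() indexes a fixed bitmap of FD_SETSIZE bits; passing a larger
 * descriptor number is undefined behaviour, so check before using select(). */
int select_safe(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Raise the soft RLIMIT_NOFILE to `want`, capped by the hard limit.
 * Returns the soft limit in force afterwards, or -1 on error. */
long raise_nofile(rlim_t want) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (rl.rlim_cur != RLIM_INFINITY && rl.rlim_cur < want) {
        rl.rlim_cur = (rl.rlim_max == RLIM_INFINITY || want < rl.rlim_max)
                          ? want : rl.rlim_max;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    }
    return rl.rlim_cur == RLIM_INFINITY ? LONG_MAX : (long)rl.rlim_cur;
}

/* Duplicate fd onto the lowest free number >= FD_SETSIZE. Returns the new
 * descriptor, or -1 if the process limit does not allow one that high. */
int dup_above_setsize(int fd) { return fcntl(fd, F_DUPFD, FD_SETSIZE); }

/* poll() takes descriptor numbers in an array, so FD_SETSIZE does not apply.
 * Returns 1 if fd is readable within timeout_ms, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int n = poll(&p, 1, timeout_ms);
    if (n < 0) return -1;
    return (n > 0 && (p.revents & POLLIN)) ? 1 : 0;
}

int main(void) {
    int pfd[2];
    if (pipe(pfd) != 0) return 1;
    long lim = raise_nofile(4096);             /* 4096 is an arbitrary target */
    int high = dup_above_setsize(pfd[0]);      /* -1 if the limit is too low */
    int fd = high >= 0 ? high : pfd[0];
    if (write(pfd[1], "x", 1) != 1) return 1;
    printf("soft limit=%ld FD_SETSIZE=%d fd=%d select_safe=%d readable=%d\n",
           lim, FD_SETSIZE, fd, select_safe(fd), wait_readable(fd, 1000));
    return 0;
}
```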

 
 
 


Post by Peteris Krumin » Fri, 06 Jun 2003 10:38:51




> Yes, it supports some gigabit ethernet cards. But if your main concern
> is speed instead of security, you ought to go with a
> Stateful-Inspection firewall.

> In order to test the firewall's availability and its capability of
> handling high-volume traffic, we used a tool which can issue about
> 1000 concurrent http, ftp and telnet requests to some
> different servers through the firewall, and ran it on several
> machines. From fwadmin, a GUI tool to manage the firewall, we saw the
> number of concurrent sessions reach 3000. According to the design, the
> number of concurrent TCP sessions can be more than 5000.

> You may not believe it, because in the normal case:
>     1. 300 processes running in a UNIX system make the system very, very slow;
>     2. In a Linux system there is a maximum number of threads in a process, which is 1024;
>     3. There is a limit on the number of file descriptors a process can create. The default is 1024;
>     4. The maximum file descriptor value select() can handle is 1023.

> Our developers modified the kernel, and adopted some special
> technologies so that the firewall can handle more than 5000 TCP
> sessions, unlimited UDP sessions, and unlimited IP sessions at
> application-level.

> If you use it, you will find out the firewall can do many things that
> you have never imagined.

Thanks for the information!
I will set it up on my test servers probably today in the evening (after
12 hours), then I will do some testing.

P.Krumins

 
 
 
