That's a very bad idea and is pointless. A good security implementation will put stuff like that in more outer layers.
Ask how the IDS devices will handle jumbo frames and ask if they can run at near 1Gb/s line-speeds. That's hard to do.
-----Original Message-----
From: Nils Vogels [mailto:bacardicoke@gmail.com]
Sent: Thursday, March 20, 2008 12:03 PM
To: Tom Yates
Cc: toasters@mathworks.com
Subject: Re: Performance impact of in-lined firewalls/IDS
Hi Tom,
On Thu, Mar 20, 2008 at 3:34 PM, Tom Yates madlists@teaparty.net wrote:
I have a bunch of filers that we use from various hosts for CIFS, NFS and iSCSI. Powers That Be are planning to put both a firewall and an adaptive IDS between my filers and my hosts.
Not all iSCSI implementations support routing of iSCSI PDUs, so take that into account while choosing your IDS solution :)
Greets,
Nils
--
Simple guidelines to happiness: Work like you don't need the money, Love like your heart has never been broken and Dance like no one can see you.