Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Firewall on windows NT

1 view
Skip to first unread message

Steven Mooij

unread,
Feb 5, 2001, 6:59:47 PM2/5/01
to
Someone told me that running a software firewall on a M$ Windows NT 4
machine with more than 3 NIC's is 'bad practice'. Does someone know some
sort of 'evidence' to make this statement less subjective? I mean
experiences or articles? Arguments of the contrary are also welcome.

Tim Haynes

unread,
Feb 5, 2001, 7:12:57 PM2/5/01
to
Steven Mooij <smo...@hotmail.com> writes:

What has this to do with c.o.l.s?

I've never had to "firewall" an NT box, and wouldn't want to anyway, but
I'll drop in one bit of advice from the linux world: all a firewall does is
to enforce your thoughts on what packets are allowed in what direction on
which interface. If your software makes setting this up a less than
pleasant experience, that's not my problem.

(Follow-ups set.)

~Tim
--
12:09am up 43 days, 2:18, 10 users, load average: 0.17, 0.09, 0.05
pig...@glutinous.custard.org | I don't want to be a pie!
http://piglet.is.dreaming.org | ...I don't like gravy...

Derek Morton

unread,
Feb 6, 2001, 4:03:45 AM2/6/01
to
One of the sites I worked in had 6 nics in each firewall.

Joe Schaefer

unread,
Feb 7, 2001, 8:45:44 AM2/7/01
to
"Frank S" <fse...@hsadsl.net> writes:

> > Please learn to to top-post, it makes it hard to follow a thread.
>
> I posted exactly where I wanted to post. As a direct reply to the
> originator of the thread.

Lovely, that.

> > The number of NICs is a performance issue, if there are ten 10/100
> > cards then the total potential throughput is 1 Gb/sec which is far
> > beyond the capability of most firewall software.
>
> Bandwidth is bandwidth. You will never use more than you have. It's just a
> matter of who gets it and who doesn't. If you don't connect them they don't
> get it. If you do connect them and they exceed the bandwidth, some don't
> get it. Bottom line... you max out at the same point no matter what. Might
> as well hit the max. If you artificially throttle-back by simply not
> providing access you are imposing an unnecessary limit.

Ever heard of an IRQ?

*plonk*

--
Joe Schaefer "He can compress the most words into the smallest idea of any
man I know."
-- Abraham Lincoln

Frank S

unread,
Feb 7, 2001, 8:04:43 PM2/7/01
to
> *plonk*

*plonk* *plonk*

Mike Hanna

unread,
Feb 8, 2001, 1:02:00 AM2/8/01
to
No problem with it, the only reason I could understand this is that maybe
they are referring to the maximum throughput for NT. NT can only push about
350Mbps, not a number of NICs but throughput. I have ran NT with 5 with no
problem.

This typically isn't the limiting factor in firewalls seeing as most IF
lucky get a T-3 (45Mbps) and usually it's a T-1.


"Steven Mooij" <smo...@hotmail.com> wrote in message
news:3A7F3E73...@hotmail.com...

0 new messages