Re: Broadband Router/Firewall

[Stephen Lee <sl@example.com>]

"Scott M. Stone" <sstone@example.com> wrote:
> On Mon, 3 Sep 2001, Stephen Lee wrote:
> 
> > 1. Is Stateful Inspection worth the extra 15,000 yen or so?  Should I
> > forget it and just get a cheap NAT/Masq box?
> 
> on the one hand, $150 extra for stateful inspection sounds like a good
> deal, but on the other hand, unless you've got static IPs with servers on
> them behind that router, it probably doesn't matter - for outbound-only
> traffic from your internal network, the masquerading/NAT should be
> adequate protection since none of those boxes have public IP addresses.

I do plan to have some kind of inbound connection, but probably just to
myself at first.  The IP I get is global and is fairly static (i.e. it
hasn't changed since the last few days through much power-cycling) so I am
concerned about scans.

> > 2. Anyone has experience with Allied Telesis's AR320?  It seems to be the
> > most featureful but has only 10Mbps interfaces on both sides, so I am
> > worried about its throughput.
> 
> If you're getting DSL in japan that can saturate a 10 megabit link, I'm
> moving back there :)  I seriously doubt it'd be a problem otherwise.

You can get Usen's FTTH if you live in the right area (100Mbps both ways)
and in practice you get about 5Mbps or so to the internet (and I suppose
more if you access Usen's internal servers).

But the interface speed is not the problem, it is the routing throughput.
Some of the cheap NAT boxen can barely do 2Mbps and that is with packet
filtering.  So I'm wondering if the AR320 (which does stateful inspection)
is powerful enough.

Stephen