Security Basics mailing list archives

Re: Firewall Comparisons


From: jamesworld () intelligencia com
Date: Mon, 30 Jun 2003 20:39:11 -0500

I can speak with some authority for the PIX - the OS is ROCK - best I've seen on a firewall. It runs and that's it. Period. The 515E can support either 3 or 6 interfaces and the functionality is very reliable. The management can be done from any machine with either combination (serial port (requires proximity) or IP address). One firewall you can realistically 'set it and forget it' once you have the thing PROPERLY configured!!!! (I am sure that there will be flames on this but it's true.) The only thing that would be appropriate to modify would be shuns or IP blocks if you needed to. (I'm certified on the PIX)

WatchGuard - Neat features. NOT a stable box. Not at all. I've probably rebuilt, troubleshot crashed from plain rule base changes more than any other firewall. Every OS upgrade 'seems' to get a bit better. 'When' it works, it does - alright. I DO NOT like that there is a separate application that is needed to operate/configure the thing (same with Checkpoint). If that machine ever dies and you just happen to NEED to get into the box to work on it (Mr Murphy) you're screwed. You need to install the app on a separate machine and then patch it, then you can finally work. (I am certified on this too)

Netscreen - Nice throughput, the OS is not quite 'there' yet, but it's very close. The built-in authentication for LDAP and Active Directory are nice features. [I am still a fan of authentication mechanisms outside of TACACS or RADIUS to reside on a separate device/server - personal preference] (I am not certified on this device yet)



Whatever you choose... monitor the logs. That is the critical point that crosses ALL firewalls.


At 14:59 6/27/2003, Joseph wrote:
I'm looking for a site that has some good firewall comparisons.  I'm looking
for more than just throughput; I would like a comparison of how secure they
can be.  How "well built" the OS is on them?  How do their stateful
filtering mechanisms compare?  Also, if anyone has had any good/bad
experience with these firewalls in particular, please let me know.

Cisco PIX 515E

WatchGuard Firebox 700

NetScreen 25

I'm having trouble finding any objective reviews.

