Educause Security Discussion mailing list archives
Re: Firewall Products
From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Fri, 3 Feb 2006 09:56:15 -0500
I have not used a PIX for about 2 years now so not sure what has changed. I will say though that for the experience I do have with it and others, this is one case where Cisco's pricing does tend to be pretty competitive (if not outright better). I also prefer PIXen compared to other "smarter" OS based firewalls. Although most vendors are going to stripped down Linux kernels and technically all Cisco OSs are probably some derivative of a stripped down *nix variant I find a lot more comfort in devices where you can not find ANY traces of the original base OS. Bang for the buck, I would still be seriously considering PIX as a pure and effective firewall. FYI: our organization is currently using checkpoint. We have too much dollars and staff time/staff comfort invested to consider changing at this point but may consider in the future. The gripe I have with checkpoint is that it seems overly complicated for what we need it to do. Also, by being "smarter" also leaves a lot of room for mistakes (both by us and the vendor). And at the firewall is the last place I want mistakes. (e.g. a new feature set to "monitor", not "enforce", still enforced and broke a needed application leading some on campus to have valid reason to "blame the firewall") _________________________ Thank you, Gregory R. Scholz Lead Network Engineer Information Technology Group Keene State College (603)358-2070 -----Original Message----- From: Lee Weers [mailto:weersl () CENTRAL EDU] Sent: Friday, February 03, 2006 9:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Firewall Products I have a similar situation in that we have a 515 classic that we have out grown. Limited budget (actually no budget until July). I will be looking at pricing of the Sidewinder from Secure computing next week with a vendor. It sounds like a great appliance, but I am nervous about the cost. -----Original Message----- From: Flagg, Martin D. [mailto:FlaggMD () HIRAM EDU] Sent: Friday, February 03, 2006 8:24 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Firewall Products I am a long time user of the PIX. Currently we have out grown our PIX. My first thought was to replace it with another PIX. I am having seconds thoughts and am looking for opinions and advice. The products we have considered, so far, are PIX(or ASA line from Cisco), Fortigate and the Astaro. I like both the Fortigate and the Astaro but am reluctant since I do not know anyone else using these products. I am a little confused about where Cisco is going with its IDSM-2, FWSM (PIX blade for 6500) and its ASA line. My scenario is as follows Limited budget, I can afford a Firewall but not a Firewall and a Web Proxy/Web Antivirus product Currently we have nothing protecting HTTP/HTTPs from virus's I need to get nice reports and probably need a new syslog product/report product, I have hardware already for this. We currently have AntiSpam that we are happy with, a VPN that we are happy with, A Cisco IDSM-2 that I am not happy with (not dynamic enough and too much time spent tuning) and Email anti-virus that is OK. Any help on or offline is appreciated. Martin D. Flagg Network Engineer/Administrator Hiram College
Current thread:
- Firewall Products Flagg, Martin D. (Feb 03)
- <Possible follow-ups>
- Re: Firewall Products Lee Weers (Feb 03)
- Re: Firewall Products Justin Dover (Feb 03)
- Re: Firewall Products Scholz, Greg (Feb 03)
- Re: Firewall Products David Gillett (Feb 03)
- Re: Firewall Products Gary Dobbins (Feb 03)
- Re: Firewall Products Daren Kinser (Feb 09)
- Re: Firewall Products Chris Fontaine (Feb 09)