Re: Firewall Products

[Chris Fontaine <chris.fontaine () HUMBER CA>]

I aggree other than the support issue....when Juniper took over Netscreen the
support went south (and cost thereof) went WAY up.

Not to mention that the Netscreen 500's (yes plural) could not handle the
regular attack activity seen everyday.

We now use Fortinet 3600's in active / passive HA clustering and have been
overjoyed with the performance and functionality, not to mention
support.......(just our experience)

Chris


 ==========================================================================

Chris Fontaine
Digital Information Protection & Security,

Humber College
Information & Technology Services
205 Humber College Blvd
Toronto, Ontario, Canada
M9W 5L7
chris.fontaine () humber ca
(416) 675-6622 ext 4461


The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> on Thursday, February 9, 2006 at 9:47 AM -0500
wrote:
> Martin,
>
> I have some experience with both Fortigate and Netscreen. I like both
> products very much.  Bang for the buck, the Fortigate wins. Overall
> including support, which is very important to me, the Netscreen wins. I
> have always received very good support from Netscreen but Fortigate has
> been sketchy. My 2 cents.
>
> Daren
>
> -----Original Message-----
> From: Flagg, Martin D. [mailto:FlaggMD () HIRAM EDU]
> Sent: Friday, February 03, 2006 6:24 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Firewall Products
>
> I am a long time user of the PIX.  Currently we have out grown our PIX.
> My first thought was to replace it with another PIX.  I am having
> seconds thoughts and am looking for opinions and advice.  The products
> we have considered, so far, are PIX(or ASA line from Cisco), Fortigate
> and the Astaro.  I like both the Fortigate and the Astaro but am
> reluctant since I do not know anyone else using these products.
>
> I am a little confused about where Cisco is going with its IDSM-2, FWSM
> (PIX blade for 6500) and its ASA line.
>
>
> My scenario is as follows
>
> Limited budget, I can afford a Firewall but not a Firewall and a Web
> Proxy/Web Antivirus product
>
> Currently we have nothing protecting HTTP/HTTPs from virus's
>
> I need to get nice reports and probably need a new syslog product/report
> product, I have hardware already for this.
>
> We currently have AntiSpam that we are happy with, a VPN that we are
> happy with, A Cisco IDSM-2 that I am not happy with (not dynamic enough
> and too much time spent tuning) and Email anti-virus that is OK.
>
>
> Any help on or offline is appreciated.
>
> Martin D. Flagg
> Network Engineer/Administrator
> Hiram College