Firewall Wizards mailing list archives
Re: Experiences with Netscreen?
From: David Shimamoto <dshimamo () appliedtheory com>
Date: Thu, 12 Oct 2000 10:16:11 -0400
I would appreciate any technical info on any NetScreen appliance you might come across.
We currently use CheckPoint and Gauntlet; we are now deploying NetScreen devices as well.
It is difficult (so far) to get any technical info on the NetScreen product. Our question on whether the stateful inspection is ASIC or software based went unanswered when submitted to a NetScreen support provider. This question was asked to determine what type of actual "line" speed we could expect from the NetScreen 10.
This product is simple to configure and deploy. It will be used only for small hosting environments.
Excluding the NetScreen 1000 (I have been virtually unsuccessful in my attempts to find any .com or .org that has deployed it), the NetScreen 10 or 10\100 would work for smaller LANs.

At 05:33 AM 10/12/00 +0200, Peter Bruderer wrote:
Bret Watson <lists () ticm com> writes:

> the Infrastructure manager is lobbying to install netscreen to replace
> gauntlet in the org I'm working for...

Netscreen is not a replacement for Gauntlet. Netscreen is a real stateful packet filter. It is robust, stable, has no known vulnerabilities.

> I'm trying to halt this one - I feel uneasy about a prod that fails to give
> any info about how it works - esp when it claims to do IDS, but then
> doesn't talk about what technology and how...

IDS is a big word. Netscreen does alert you if it detects SYN/UDP flood, detects some attacks like land, ping of death, etc. but that's it.

> Any experiences? Is this a good firewall for a small office? is the IDS
> really in the same league as NFR, RealSecure, CyberCop?

Netscreen is nothing compared to NFR, Cybercop or Snort.

> Would you really exchange Gauntlet for this?

No.

Netscreen is definitely a good and solid product. It has its strength in VPN. It has no application level gateways. The fixed port configuration can be quite handy for small offices, in bigger environments it does not scale well.

I use Netscreen mainly in transparent mode (stealth mode) to protect firewalls like Gauntlet. Gauntlet alone is quite risky. If you follow the installation instructions, it is recommended to install a developer system on Solaris which is totally against all rules for a firewall. In this case you have too many open ports (RPC, X11, xdmcp and others) which are not blocked by default. Therefore I like to put Gauntlet in a sandwich of Netscreens or Sunscreens.

The other way is to have a Netscreen and build some application level gateways yourself.

have fun ...
--
===============================================================
Peter Bruderer                mailto:brudy () bruderer-research com
Bruderer Research GmbH        Tel ++41 52 620 26 53
IT Security Services          Fax ++41 52 620 26 54
CH-8200 Schaffhausen          http://www.bruderer-research.com
===============================================================

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Experiences with Netscreen? Bret Watson (Oct 11)
- Re: Experiences with Netscreen? Peter Bruderer (Oct 12)
- Re: Experiences with Netscreen? David Shimamoto (Oct 14)
- Re: Experiences with Netscreen? Peter Bruderer (Oct 12)