nanog mailing list archives

RE: Firewalls - Ease of Use and Maintenance?


From: "Blake T. Pfankuch" <blake () pfankuch me>
Date: Wed, 9 Nov 2011 01:53:20 +0000

As Hammer stated, you hit all the big ones.

ASAs are a classic fallback because of the stability implied by the Cisco name.  Complaints about them tend to be cost 
on getting all the shiny bits attached to them (IDS, IPS, Content filtering).  This coming from a Cisco partner.  I am 
not a Netscreen fan myself due to past experiences and sour tastes.  Checkpoints are OK, but I don't like the 
application need for configuring on SMB appliances.  

Add to the list Sonicwall.  We use them primarily for our customers at work and are partners with them as well.  They 
have appliances that go from 10 office size to Active/Active HA pairing that can do multi-Gbit of throughput.  They 
support all the standard features you look for: IPSEC VPN, SSLVPN, L2TP, VLAN Interfaces, Dynamic routing support (OSPF 
and RIP in small models, BGP in the larger), LDAP auth for all of the above, content filtering, IPS, IDS, Anti Spyware, 
stateful blah blah and centralized management.  Some of the newer things that are gaining popularity that you can 
license are the App Visualization (think netflow in a web UI with good filters), WAN Acceleration modules via a VMware 
Appliance, RBL Filtering (which can be applied to just about anything), DPI-SSL inspection for https traffic, 
Active/Active HA, Physical port redundancy per appliance, list goes on.  Configuration logic is similar to an ASA, 
however takes a little to get used to.  The nice thing is everything in the config is name based and searchable within 
the WebUI and you can talk non-technical people through making changes in the config if you have to.  

The feature list is growing every day, and I almost prefer them anymore just because of the simplicity as well as the 
scalability.

Ping me if you have more questions or want a few example setups.

Blake

-----Original Message-----
From: Jones, Barry [mailto:BEJones () semprautilities com] 
Sent: Tuesday, November 08, 2011 4:07 PM
To: nanog () nanog org
Subject: Firewalls - Ease of Use and Maintenance?

Hello all.
I am potentially looking at firewall products and wanted suggestions as to the easiest firewalls to install, configure 
and maintain? I have a few small networks (50 nodes at one site, 50 odd at another, and maybe 20 at another). I have 
worked with Cisco Pix, ASA, Netscreen, and Checkpoint (Nokia), and each has strong and not as strong features for ease 
of use. Like everyone, I'm resource challenged and need an easy solution to stand up and operate.

Feel free to ping me offline - and thank you for the assistance.

----------------------------------------
Barry Jones - CISSP GSNA
Project Manager II
Sempra Energy Utilities
(760) 271-6822

Please don't print this e-mail unless you really need to.
----------------------------------------


