Educause Security Discussion mailing list archives

Re: Firewall recommendations


From: Richard Kunert <rkunert () WISC EDU>
Date: Tue, 18 Mar 2008 11:31:02 -0500

Things to consider...

You should evaluate whether IPv6 will be important to you within the
life of this firewall. A lot of current firewalls don't support it, and
if they do, it's only partial support. For example, Netscreens and the
Cisco FWSM only support it in route mode (not transparent mode). My
understanding is that it's supported directly by the CPU, not the
ASICs in both cases. This is bad in terms of performance. Frankly I'm
not aware of any firewall that supports IPv6 really well yet, but I
would want to know where it is on the vendor's roadmap.

I would not buy a Netscreen at this point, though I might consider
other Juniper products (SSG series). Why? I have a Netscreen 50
(mostly decommissioned, it's running as a VPN concentrator behind a
FWSM). It's fine for what it can do, but I'm really surprised that the
same model I bought in 2002 is still for sale. I think most of the
Netscreen models currently for sale were designed at or before that
time, before the Juniper buyout. They were very advanced for their
time but they're showing their age.

--
Richard Kunert
Information Systems Manager
University of WI Biotechnology Center
