Educause Security Discussion mailing list archives

Re: Firewall replacement


From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Mon, 7 Mar 2011 13:26:36 -0500

I've had experience with Juniper, Cisco (some Pix, ASA 5540s) and
Sonicwall. My reaction: The Sonicwall probably makes configuring VPNs
easiest and an experienced admin will have virtually no learning curve.
Additionally it will probably do everything you want and somehow not
really seem like it can. However, you may be occasionally frustrated by
the simplicity and lack of under-the-hoodness (to make up a word) if
you're coming from a Cisco environment. The ASAs on the other hand are a
pretty good attempt, by Cisco standards, at making an appliance with a GUI
interface that is actually useful and capable of doing almost everything
you'd need to do and more, with a learning curve. You can get under the
hood if you want to and get some good troubleshooting information too.
Things can seem scattered around the interface a bit and occasionally
unnecessarily complicated (it's still a Cisco device), but there is a
wealth of features. If you want to customize your pages, set group
policies, integrate posture checking later, you can do that. It can be as
complicated or as simple as you need, IMHO. I'd say stability is good
enough on most of the major names. For me it comes down to what I want to
accomplish. If I need simple fast service because I'm dealing with many
other things and all I need is simple VPN services and management overhead
is my primary concern, then I might choose the Sonicwall. If features are
the issue, I might choose the ASAs. Also, one thing you may want to look
at is licensing options for the various platforms.

D/C

The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:
We have been running a pair of ASA5520s in a failover cluster for
firewall, client VPN connections and webvpn connections and they have
worked well.

 

Bruce Entwistle
Network Manager
University of Redlands

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D.
Sent: Monday, March 07, 2011 8:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Firewall replacement

We are beginning to look at replacing our Sonicwall firewalls.  My
experience is mostly with Cisco Pix, which were rock solid, and older ASA
code running on Pix appliances.  Are the new ASA appliances as stable as
the old Pix boxes?

Our needs are simple: stateful firewall, User VPN, site to site VPN, and
a handful of SSL VPN connections if possible.  I prefer appliances, but
am open to any suggestions.  Platform stability is my greatest concern.

Anyone out there running a Linux FW appliance like Vyatta?  If so,
experiences and feedback would be welcome.

Thanks for any suggestions or feedback,

Brian



