Firewall Wizards mailing list archives
Re: Netscreen firewalls
From: Stephen Gill <gillsr () cymru com>
Date: Mon, 18 Dec 2006 10:17:24 -0700
I'm working now almost 10 years with Netscreen Firewalls.
Netscreen was founded in 1997 so we're nearly there ;). Ah the good ol' days of the gray NS5.
Yes, they have they little software bugs as every other piece of software, but these bugs only show up if you do very complex installations with VPN tunnels and OSPF and virtual firewalls.
Not exactly. Quite a few interesting bugs have creeped in over the years, especially as new features are added. For an old but basic example, see: http://www.cymru.com/gillsr/documents/maximizing-firewall-availability.pdf I've done a fair bit of lab testing for NS and some bugs have been more interesting than others. Netscreen have been great about documenting them in the release notes however. Don't always trust the categorization of bugs, and look through all sections if you're really interested in spotting security issues.
I know PIX, Checkpoint, Fortinet, Sonicwall and quite some others, but the only one that comes close is Fortinet. This one has some advantages on the content inspection side, like virus scanning, but if it comes to network integration with dynamic routing and VPN than Netscreen is my preferred one.
Netscreen has content and virus inspection as well although I've not used them extensively.
PIX and Checkpoint are 5 years behind compared to Netscreen and Fortinet.
I don't think that's entirely accurate - 5 years is a LONG time in firewall years. Five years ago netscreen was still behind the competition in a few areas. A LOT has transpired in all vendors since then and Cisco has come a long ways in terms of direction, features, etc. The PIX is no longer their top firewall platform either. They are well ahead of the curve but I think that is more caracterized by how their interface and design is implemented. Their differentiating factors are more in usability, design, maintenance. Fortinet and Netscreen share the same former CEO, so it's not suprising they have a very similar feel. It will be interesting to see how Fortinet continues to grow. They've come a long ways from when they were founded in 2000.
In the whole time I work with Netscreen, they had a few minor bugs security wise, but none of rendered your firewall useless.
See above.
They are simple to configure and maintain.
...
My full recommendation.
Seconded! Cheers, -- steve _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Netscreen firewalls Stephen Gill (Dec 17)
- <Possible follow-ups>
- Re: Netscreen firewalls Stephen Gill (Dec 19)
- Re: Netscreen firewalls Montgomery, Scott (Dec 21)