Full Disclosure mailing list archives
RE: Netscreen 5GT Plus vs Fortigate-60
From: "Bryan K. Watson" <lists-security () nettracers com>
Date: Tue, 3 Aug 2004 10:53:49 -0700
On Tue, 3 Aug 2004, ASB wrote:
I've seen the demo at http://www.fortinet.com/demo but I'm looking for real-world info regarding the effectiveness of the policies of the Fortigate. I've heard negative commentaries, but nothing that has been substantiated to any degree.
Like Oliver Heinz, I work with both Netscreen and Fortigate...primarily in the Small and Medium Business space up to a few hundred users. I agree with Oliver's statements and want to point out that there are some recent major changes to both product lines that create some interesting competitive features that make year-old impressions and opinions obsolete.

Netscreen is now able to characterize certain aspects of the content streams in order to stop, for example, interactive traffic like SSH over port 80 when port 80 should be http. This is a lot like the Checkpoint "Application Intelligence" that can stop SSL VPNs in their tracks and is a feature that does not exist in the Fortigate units.

The Fortinet Fortigates rely on ASIC-based pattern matching and rely on signatures to catch bad traffic...these sigs are based on traffic content, not traffic parameters. Fortigate is now adding more pattern matching capabilities with the addition of perl-like expression rules that users can create. And with the architecture of the Fortinet units - Intel CPU with their specialized ASIC - it is entirely possible that future releases will look at other aspects of the data streams besides simply content (my conjecture).

Watch out when reading undetailed and unsubstantiated claims for any of these products. And, for those who don't know the history of these companies, Ken Xie founded Netscreen and sold out his shares there to start Fortinet (makes for interesting competition). And with Juniper picking up Netscreen, there will be many changes still ahead.

Cheers,

-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Bryan K. Watson - InfoSec Consultant - bwatson () netTracers com - www.nettracers.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html