RE: [fw-wiz] CP Vs SonicWall Vs PIX Vs Netscreen Vs Symantec

From: Josh Welch (jwelch_at_buffalowildwings.com)
Date: 08/15/03

    To: <bit_suryanto80@yahoo.com.sg>, <firewall-wizards@nfr.net>
    Date: Fri, 15 Aug 2003 16:28:37 -0500
    
    

    bit_suryanto80@yahoo.com.sg said:
    > Hello,
    >
    > We are currently evaluating several remote firewall
    > devices for broadband usage:
    >
    > Checkpoint VPN1-pro
    > SonicWall
    > PIX-515E-UR
    > Intrusions PDS
    > Netscreen 50
    > Symantec Gateway Security 5300
    >
    > I've been poking around the net for some recent
    > comparisons and what not about the different platforms
    > to no avail so I've decided to approach the user
    > community.
    >
    > There will be several hundred at least and I figure
    > that some folks out there may have some interesting
    > thoughts or comments on the different platforms that
    > may have escaped us. We are looking for the good, the
    > bad and the ugly. The critical issues are:
    >
    > security issues of the individual platform
    >
    > management issues (sw, firmware, policy)
    >
    > mechanisms for managing virus sw revisions
    >
    > dual vs triple interfaces
    > we'd like to separate "home" from "work"
    >
    > thnx.u
    >
    I've been looking at a smaller deployment of the same type, I'll give you my
    impressions so far. I am largely focusing on the PIX and NS at this point,
    Checkpoint is beyond my budget, hadn't heard of Intrusions, and I've heard
    rumblings of financial difficulties at SonicWall that I have not yet
    confirmed. I may look at the Symantec yet.
    If these are for SOHO users (that's what I think of when I see broadband),
    then you'd want to look at the Netscreen 5 and PIX 501 types. They are sized
    more appropriately for these purposes.
    I don't remember seeing AV capability in the PIX, the NS 5GT did or will
    have it, can't remember. Then again, I don't know if I want that on my
    firewall or not.
    You can block ActiveX and Java thingies with the Netscreen, I don't know if
    you can with the PIX (I've researched the Netscreen a fair bit, but am just
    beginning on the PIX).
    I don't like the web interface on the NS, web server on firewall makes me
    nervous, but I am assuming I can turn it off.
    Both NS and Cisco offer a central management solution, seems like a good
    thing to invest in with a bunch of FW running, trying to convince management
    of same. The NS Solution I looked at allowed for updating policies and
    software revs.
    As far as security of one versus the other, I don't know. They are both
    certified by the ICSA labs, and have Common Criteria EAL 4 ratings with the
    proper software revision, this seems like a good thing.

    That's what I have so far,
    HTH
    Josh
