RE: [fw-wiz] FW appliance comparison - Seeking input for the forum



-----Original Message-----
Subject: [fw-wiz] FW appliance comparison - Seeking input for the forum

> I'd like to ask the forum for any input (good or bad) on a comparison
between the Cisco ASA
> 5510 and the Symantec SGS 5620 ...
>
> We're looking to replace our current firewall setup with an appliance type
approach.

If you buy into the vendorspeak, those two products sound awfully similar.
But they're not. What they do have in common is that they are an amalgam of
products already on the market. So I guess if you're also trying to
conserve rack space, these are the products for you. :-)

The ASA 5510 literally possesses the functionality of a PIX, SecureIDS
(formerly NetRanger), and a VPN 3000 Concentrator (formerly Allegro plus
some SSL VPN code from Twingo). That's a fast stateful firewall, a lousy
NIDS appliance, and a VPN appliance with decent IPSec support, but a lousy
SSL VPN implementation.

The SGS 5620* possesses the functionality of Symantec Enterprise Firewall
(formerly Axent Raptor), Clientless Gateway VPN 4400 (formerly SafeWeb), and
Symantec Network Security 7100 (formerly Recourse ManHunt). So that's a
slow proxy firewall with awkward IPSec support, a decent SSL VPN gateway,
and a faster but equally lousy NIDS product.


As you may have guessed, I'm not psyched about either of these products.
Both have given me headaches in the past. It might cost you more, but you
ought to consider buying the components you need on a separate basis.

PaulM

* A marginally interesting side note, these are Sun-made x86 servers running
Linux. This bizarre pedigree dates back to a contract that Axent had with
Cobalt to supply hardware (RaQ servers) for the VelociRaptor appliances.
Somehow this relationship has survived both of the original parties being
purchased (Sun bought Cobalt just a few months after Symantec bought Axent
in 2000).

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: Does Cisco make a SSL VPN router, with a "simple" GUI config?
    ... ago :-) Small firewall with 5 interfaces and a single concurrent SSL VPN ... I have no definitive proof that a Sonicwall is better than anything else, ... web browsing down line two] and in my book those are "router" features. ...
    (comp.dcom.sys.cisco)
  • Re: How safe for firewall rule using 127.0.0.0/8
    ... >> The user connects to a website running an ssl vpn server, ... The server offers to him to download the vpn ... >> his AV or his firewall, or do anything else nefarious like that. ... > horse was something that you WANT to install, ...
    (comp.security.firewalls)
  • Re: Trying to connect to MS Exchange
    ... Cisco ASA replaces the Pix. ... Nice firewall. ... SSL VPN, and other new features. ...
    (microsoft.public.windows.server.sbs)
  • Re: SSL VPN
    ... Rick Bilonick wrote: ... I've been using ssh to connect to my server but now it's going ... to be behind a firewall that uses ssl vpn for connections. ...
    (Fedora)