Re: [fw-wiz] Netscreen firewalls



--On Friday, December 15, 2006 12:43 PM -0500 Mike LeBlanc
<mlinfosec@xxxxxxxxxxx> wrote:

All,
I'm looking for guidance on vulnerabilities/downsides to the Netscreen
firewalls. I am
not looking to start a flamefest on Netscreen but simply am looking for
the downside.
We currently are a cisco pix shop and have monitoring and change
management built
around cisco. I have done a google on Netscreen vulnerabilities and
issues but
didn't find much current data. Any information is appreciated in advance,
including
links to current data. Additionally if you have personal expereince,
positive or
negative, with Netscreen I would like to hear it.. off list if so desired.

Thanks in advance for any information you can provide,

Mike LeBlanc, CISSP
VP/Infosec officer for multinational bank

Having done firewall evaluations for several multinational banks, NetScreen
is pretty much the best thing out there in packet filter land. Much better
than FW-1 and PIX, especially under heavy load. They're not perfect by any
means, but they have the best virtual firewall support I've seen, which
makes them great for consolidation projects or compartmentalizing your
rules to lower operational risk. They're routing support is pretty good as
well - if you have ethernet demarc'd WAN connections you can avoid paying
for a separate routing tier in many cases.

--
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards