Re: [fw-wiz] Netscreen firewalls

-----Original Message-----
Subject: [fw-wiz] Netscreen firewalls

I'm looking for guidance on vulnerabilities/downsides to the Netscreen
firewalls. I am not looking to
start a flamefest on Netscreen but simply am looking for the downside.
We currently are a cisco pix shop and have monitoring and change
management built around cisco. I have
done a google on Netscreen vulnerabilities and issues but didn't find much
current data. Any
information is appreciated in advance, including links to current data.
Additionally if you have
personal expereince, positive or negative, with Netscreen I would like to
hear it.. off list if so

Probably not saying anything new, but to find people who will talk trash
about NetScreen, you will have to travel back in time 5+ years. Any
vulnerabilities (SSHv1) or stability issues in ScreenOS that I know of have
long since been fixed. Not to say that there won't be new ones, but that's
true of PIX as well.

The shipping models are actually pretty slick, especially the 5400, which
performance-wise, is more like a Cat6500 with FWSM.

So, if your goal is to show why PIX is a better value for your company than
NetScreen, you should focus on things like "PIX integrates with our other
Cisco management stuff," or "we have staff that know PIX but not NetScreen."
My $0.02, anyway.


firewall-wizards mailing list

Relevant Pages

  • Cisco PIX 515E vs. Fortinet Fortigate-300
    ... Firewall Evaluation ... Cisco PIX 515E vs. Fortinet Fortigate-300 ... Fortigate firewall. ...
  • RE: Firewall Hardware Recommendations
    ... but Cisco makes for good medicine also. ... next time I setup a PIX I'll have to load it on up and give it a shot. ... WatchGuard has you pay for VPN lic's. ...
  • RE: Router with security features
    ... Subject: Router with security features ... Cisco makes an even cheaper and smaller pix firewall. ... Pix 520's it just does not come with more powerful hardware. ...
  • RE: VPN overkill?
    ... Since you guys sound like a Cisco shop, any of the Cisco 1700, 2600 or ... IOS IOS ... IOS PIX ... If your future plans are to increase the number of sites connecting via ...
  • Re: Problems configuring my PIX525
    ... I am almost sure that Cisco ... > offers some kind of training for the PIX. ... DMZ should be 192.168.x.x, again you have the wrong subnet mask - change ... and static is only used for incoming connection. ...