Re: [fw-wiz] Netscreen firewalls

I'm working now almost 10 years with Netscreen Firewalls.

Netscreen was founded in 1997 so we're nearly there ;). Ah the good ol'
days of the gray NS5.

Yes, they have their little software bugs as every other piece of software,
but these bugs only show up if you do very complex installations with VPN
tunnels and OSPF and virtual firewalls.

Not exactly. Quite a few interesting bugs have crept in over the years,
especially as new features are added. For an old but basic example, see:

I've done a fair bit of lab testing for NS and some bugs have been more
interesting than others. Netscreen have been great about documenting them
in the release notes however. Don't always trust the categorization of
bugs, and look through all sections if you're really interested in spotting
security issues.

I know PIX, Checkpoint, Fortinet, Sonicwall and quite some others, but the
only one that comes close is Fortinet. This one has some advantages on the
content inspection side, like virus scanning, but if it comes to network
integration with dynamic routing and VPN then Netscreen is my preferred one.

Netscreen has content and virus inspection as well although I've not used
them extensively.

PIX and Checkpoint are 5 years behind compared to Netscreen and Fortinet.

I don't think that's entirely accurate - 5 years is a LONG time in firewall
years. Five years ago netscreen was still behind the competition in a few
areas. A LOT has transpired in all vendors since then and Cisco has come a
long ways in terms of direction, features, etc. The PIX is no longer their
top firewall platform either. They are well ahead of the curve but I think
that is more characterized by how their interface and design is implemented.
Their differentiating factors are more in usability, design, maintenance.

Fortinet and Netscreen share the same former CEO, so it's not surprising they
have a very similar feel. It will be interesting to see how Fortinet
continues to grow. They've come a long ways from when they were founded in

In the whole time I work with Netscreen, they had a few minor bugs
security-wise, but none of them rendered your firewall useless.

See above.

They are simple to configure and maintain.
My full recommendation.


-- steve

firewall-wizards mailing list
