Re: Firewall Hardware Recommendations

From: Lard van den Berg (
Date: 12/30/03

  • Next message: Byron Sonne: "Re: Best practices for a small business's security"
    To: "Shawn Jackson" <>, <>, "Keith Duemling" <>
    Date: Mon, 29 Dec 2003 23:27:34 -0000

    I would suggest to for Firewall-1 for your first line of defense. Netscreen
    are an excellent alternative for second line and vpn solutions.

    Lard van den Berg

    ----- Original Message -----
    From: "Shawn Jackson" <>
    To: <>; "Keith Duemling" <>
    Cc: <>
    Sent: Monday, December 29, 2003 6:03 PM
    Subject: RE: Firewall Hardware Recommendations

    WatchGuard more secure then PIX? Probably a sales person from
    another vendor gotta love them. I've protected banks with the PIX 515
    and 525 series and their rock solid. Update your Secure-IOS and maintain
    your ACL's and your golden. Unlike SonicWall (maybe even WatchGuard now
    too) you don't have to pay for the VPN component. A SonicWall PRO 230 +
    VPN Licensees + Client Licensees = More then a PIX 515. I've heard, but
    never seen, that WatchGuard in the same licensing frenzy. Can't speak
    for NetScreen, I've personally tried to stay away from them, they give
    me the willies, but it's been a while since I looked at them last.

    Same Q's as J. What Model? What S-IOS version? How Old, etc. I
    admit, with head held in shame, that configuring the PIX can be a pain
    in the arse, especially when you're working with the IPSEC end of a VPN
    configuration and I've never setup PPTP on a PIX, but have done so on
    many Cisco routers with little problems.

    Honestly, whoever sold you that load a bull needs help, no
    disrespect intended but in security facts rule the digital road and
    misinformation is the hazard just around the next corner.

    I hope EVERYONE had a safe and uneventful Christmas + Boxing Day. Set
    aside some time today to review your logs (that built up) in full before
    saving them and clearing from the active log files.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521

    Phone: (775) 858-2338
           (800) 325-1199 x338

    -----Original Message-----
    From: []

    Sent: Sunday, December 28, 2003 10:34 PM
    To: Keith Duemling
    Subject: Re: Firewall Hardware Recommendations


    Curious, What cisco firewall do you currently have and what version OS
    on it?

    Who told you that a WatchGuard firewall is more secure than a Cisco

    The PIX does what you are asking for. If you have information to the
    counter, please post.


    At 19:32 12/23/2003, Keith Duemling wrote:
    >Just wanted to get some feedback from the list regarding some research
    >currently working on. We're replacing our existing Cisco firewall with
    >dedicated firewall hardware/software solution to provider greater
    >and VPN access.
    >I've been looking at the Netscreen and various Watchguard products at
    >time. The current environment is as follows;
    >- NAT environment
    >- DMZ to host web accessible servers
    >- 100 internal users
    >- Extensive intranet site & visitation to several high profile B2B
    >- Constant 10 user VPN community.
    >- Redundant T1 connection managed by RADware Linkproof hardware
    >Any recommendations would be greatly appreciated. Thanks in advance.
    >Keith Duemling


  • Next message: Byron Sonne: "Re: Best practices for a small business's security"