Re: Firewall Hardware Recommendations

From: Lard van den Berg
Date: 12/30/03

    To: "Shawn Jackson" <>, <>, "Keith Duemling" <>
    Date: Mon, 29 Dec 2003 23:27:34 -0000

    I would suggest to go for Firewall-1 for your first line of defense. Netscreen
    are an excellent alternative for second line and VPN solutions.

    Lard van den Berg

    ----- Original Message -----
    From: "Shawn Jackson" <>
    To: <>; "Keith Duemling" <>
    Cc: <>
    Sent: Monday, December 29, 2003 6:03 PM
    Subject: RE: Firewall Hardware Recommendations

    WatchGuard more secure than PIX? Probably a sales person from
    another vendor, gotta love them. I've protected banks with the PIX 515
    and 525 series and they're rock solid. Update your Secure-IOS and maintain
    your ACLs and you're golden. Unlike SonicWall (maybe even WatchGuard now
    too) you don't have to pay for the VPN component. A SonicWall PRO 230 +
    VPN Licenses + Client Licenses = More than a PIX 515. I've heard, but
    never seen, that WatchGuard is in the same licensing frenzy. Can't speak
    for NetScreen, I've personally tried to stay away from them, they give
    me the willies, but it's been a while since I looked at them last.

    Same Q's as J. What Model? What S-IOS version? How Old, etc. I
    admit, with head held in shame, that configuring the PIX can be a pain
    in the arse, especially when you're working with the IPSEC end of a VPN
    configuration and I've never set up PPTP on a PIX, but have done so on
    many Cisco routers with little problems.

    Honestly, whoever sold you that load of bull needs help, no
    disrespect intended, but in security facts rule the digital road and
    misinformation is the hazard just around the next corner.

    I hope EVERYONE had a safe and uneventful Christmas + Boxing Day. Set
    aside some time today to review your logs (that built up) in full before
    saving them and clearing from the active log files.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521

    Phone: (775) 858-2338
           (800) 325-1199 x338

    -----Original Message-----
    From: []

    Sent: Sunday, December 28, 2003 10:34 PM
    To: Keith Duemling
    Subject: Re: Firewall Hardware Recommendations


    Curious, what Cisco firewall do you currently have and what version OS
    on it?

    Who told you that a WatchGuard firewall is more secure than a Cisco

    The PIX does what you are asking for. If you have information to the
    counter, please post.


    At 19:32 12/23/2003, Keith Duemling wrote:
    >Just wanted to get some feedback from the list regarding some research
    >currently working on. We're replacing our existing Cisco firewall with
    >dedicated firewall hardware/software solution to provide greater
    >and VPN access.
    >I've been looking at the Netscreen and various Watchguard products at
    >time. The current environment is as follows;
    >- NAT environment
    >- DMZ to host web accessible servers
    >- 100 internal users
    >- Extensive intranet site & visitation to several high profile B2B
    >- Constant 10 user VPN community.
    >- Redundant T1 connection managed by RADware Linkproof hardware
    >Any recommendations would be greatly appreciated. Thanks in advance.
    >Keith Duemling

