Re: NetScreen-5XT vs. Firebox SOHO

From: pants (edro@me.com)
Date: 07/13/02


From: "pants" <edro@me.com>
Date: Sat, 13 Jul 2002 17:09:05 GMT

argggggg....

hardware vendors are such BS'ers it's amazing. all of the competing vendors
(Netscreen, Sonicwall, Watchguard, etc...) are always in a big pissing
contest about who's faster and it's 100% crap-ola. Raise your hand here if
your home internet connection is faster than 10mbps. Anyone? Anyone?
(I'm sure there are a few people here reading this that have connections
over 10mb, but you already know what time it is and don't really need to
read my rambling). So i'm going to venture to say most of us here have an
internet feed that is less than 4mbps at home. ...so who the eff cares if
your firewall/vpn box can pass traffic faster than that!? The problem is
that IS/IT/MIS managers and decision makers read through magazine reviews
and product shootouts and look at the pretty matrix that's in there, and
they say, "OH! Netscreen is the fastest at XYZ, So i've got to buy one! it
must be much better than this firewall." So all of the hardware vendors
either bump up just a little to get one step ahead of the other guy, or they
make up new things to try and trick people into thinking they're
faster/bigger/better/cheaper.

And the ASIC that is in the Netscreen by the way only accelerates 3DES
encryption/decryption. it has nothing to do with the rule base processing,
stateful packet inspection, NAT, or anything else. only 3DES (unless they
accelerate their AES and DES as well... but i'm not positive about that).

Just some trash about Netscreen:
tech support sucks, expensive support contracts, harder-than-it-needs-to-be
configuration.

some trash about watchguard:
brings price/performance numbers down to an all new low, tech support sucks,
not as secure (check out known list of vulnerabilities; also, question their
stateful packet inspection engine since they do not post throughput numbers
for stateful packet inspection... only "nat".... Hmmmm....). Plus, why
would watchguard buy rapidstream??? i don't get it? rapidstream just runs
Checkpoint... who is a competitor of watchguard. So watchguard now makes a
fast hardware platform for checkpoint to run on? ...um... hm. well i
wonder if watchguard is going to dump their own firewall line and move to
checkpoint???... :)

Another vendor to consider would be a SonicWALL TELE3
(http://www.sonicwall.com/products/access.asp), either a standard TELE3 or a
TELE3-TZ. The TELE3 is just like the 5XP. The TZ is pretty fly, it
basically has a DMZ for your home, so you can put your kids' gaming PCs off
of one interface, and corporate PCs off of another interface so you can
firewall them off from each other. (So in the event that someone downloads
a virus or Trojan or just plain old gets hacked, that PC can't come across
and hack the other PCs or travel across the VPN tunnels and hack the
corporate site). SonicWALL is a little cheaper, a slightly older company,
and easier to use (although they are both web gui driven products).
  Trash about sonicwall... tech support sucks.

(Oh, tech support for all of these companies sucks by the way. that pretty
much goes for checkpoint too. if you want good tech support, open up your
wallet and buy a pix cause cisco is the only company out there that has good
tech support. sonicwall/netscreen/watchguard/checkpoint are all monkeys
answering the phone).

k, i'm done now...

"Bryn Sadler" <syslundy@hotmail.com> wrote in message
news:2VzX8.6$D43.1078@news.dircon.co.uk...
> > the Netscreen 5XP has all the same
> > features as their $100,000 enterprise-level firewalls and their VPN is
> > supposed to be fast.
>
> Everything is fast with the NetScreen boxes, they use 'Application Specific
> Integrated Circuit' chips instead of standard processors like the PIX, which
> means that all the policies and encryption algorithms are implemented in
> hardware instead of software, so even at high VPN encryption levels there's
> little latency.
>
>


