Re: NetScreen-5XT vs. Firebox SOHO
From: Derek Nash (dnash@yuck.net)
Date: 07/15/02
From: "Derek Nash" <dnash@yuck.net> Date: Mon, 15 Jul 2002 01:42:56 GMT
"pants" <edro@me.com> wrote in message
news:R8ZX8.105061$DB.3182878@news1.east.cox.net...
> argggggg....
>
> hardware vendors are such BS'ers its amazing. all of the competing vendors
> (Netscreen, Sonicwall, Watchguard, etc...) are always in a big pissing
> contest about who's faster and its 100% crap-ola. Raise your hand here if
> your home internet connection is faster than 10mbps. Anyone? Anyone?
> (I'm sure there are a few people here reading this that have connections
> over 10mb, but you already know what time it is and don't really need to
> read my rambling). So i'm going to venture to say most of us here have an
> internet feed that is less than 4mbps at home. ...so who the eff cares if
> your firewall/vpn box can pass traffic faster than that!? The problem is
> that IS/IT/MIS managers and decision makers read through magazine reviews
> and product shootouts and look at the pretty matrix that's in there, and
> they say, "OH! Netscreen is the fastest at XYZ, So i've got to buy one! it
> must be much better than this firewall." So all of the hardware vendors
> either bump up just a little to get one step ahead of the other guy, or they
> make up new things to try and trick people to thinking they're
> faster/bigger/better/cheaper.
You have a good point here, but when looking at these firewall comparisons
one needs to take a look at the amount of dropped packets vs. throughput.
This metric is extremely important in many applications. VoIP quickly comes
to mind. This also happens to be where NetScreen is proven superior time and
time again. Not to try and be a POM.
>
> And the ASIC that is in the Netscreen by the way only accelerates 3DES
> encryption/decryption. it has nothing to do with the rule base processing,
> stateful packet inspection, NAT, or anything else. only 3DES (unless they
> accelerate their AES and DES as well... but i'm not positive about that).
Actually, this is incorrect; the ASIC does handle the policy-based algorithms
and stateful packet inspection. It also handles the AES and DES
encryption/decryption. Only thing the CPU actually does is set up and close
sessions in the session table.
>
> Just some trash about Netscreen:
> tech support sucks, expensive support contracts, harder-than-it-needs-to-be
> configuration.
Guess what? NetScreen support contracts are right in line with Cisco and
support is better than Watchguard or SonicWall, but Cisco TAC still RULES!
You also might want to check out recent policy changes at SonicWall (i.e. no
more unlimited free software upgrades).
>
> some trash about watchguard:
> brings price/performance numbers down to an all new low, tech support sucks,
> not as secure (checkout known list of vulnerabilities; also, question their
> stateful packet inspection engine since they do not post through put numbers
> for stateful packet inspection... only "nat".... Hmmmm....). Plus, why
> would watchguard buy rapidstream??? i don't get it? rapidstream just runs
> Checkpoint... who is a competitor of watchguard. So watchguard now makes a
> fast hardware platform for checkpoint to run on? ...um... hm. well i
> wonder if watchguard is going to dump their own firewall line and move to
> checkpoint???... :)
>
> Another vendor to consider would be a SonicWALL TELE3
> (http://www.sonicwall.com/products/access.asp), either a standard TELE3 or a
> TELE3-TZ. The TELE3 is just like the 5XP. The TZ is pretty fly, it
> basically has a DMZ for your home, so you can put your kids gaming PC's off
> of one interface, and corporate PC's off of another interface so you can
> firewall them off from each other. (So in the event that someone downloads
> a virus or Trojan or just plain old get's hacked, that PC can't come across
> and hack the other pc's or travel across the VPN tunnels and hack the
> corporate site). SonicWALL is a little cheaper, a slightly older company,
> and easier to use (although they are both web gui driven products).
> Trash about sonicwall... tech support sucks.
TELE3-TZ is a very interesting concept; unfortunately, the rest of the factors
(i.e. price vs. performance, poor tech support, poor documentation, poor
build quality, and inflexibility) are against them and were enough for my
company to sever our reseller relationship with them.
>
> (Oh, tech support for all of these companies suck by the way. that pretty
> much goes for checkpoint too. if you want good tech support, open up your
> wallet and buy a pix cause cisco is the only company out there that has good
> tech support. sonicwall/netscreen/watchguard/checkpoint are all monkeys
> answering the phone).
>
> k, i'm done now...
>
> "Bryn Sadler" <syslundy@hotmail.com> wrote in message
> news:2VzX8.6$D43.1078@news.dircon.co.uk...
> > > the Netscreen 5XP has all the same
> > > features as their $100,000 enterprise-level firewalls and their VPN is
> > > supposed to be fast.
> >
> > Everything is fast with the NetScreen boxes, they use 'Application Specific
> > Integrated Circuit' chips instead of standard processors like the PIX, which
> > means that all the policies and encryption algorithms are implemented in
> > hardware instead of software, so even at high VPN encryption levels there's
> > little latency.
> >
> >
>
>