Re: enterprise class firewalls - opinions please
From: Mark S (marks_at_nothere.com)
Date: 2 Dec 2004 14:55:04 -0600
I came from a Cisco background into Netscreen (Juniper).
PIX is awful. It's old, it's crusty, half the stuff doesn't work, and they
haven't kept up with the current threats.
The Netscreens rock. Everything works as it should. Support is excellent,
and with their NSM Management software you could maintain those 30 firewalls
The only thing I can say on Checkpoint vs Netscreen is that Netscreen's OS is the
same from the baby boxes through to the beast boxes, except of course in the
throughput numbers, numbers of zones/vlans etc. But the capabilities are all
there. With Checkpoint they seem to neuter some of their product in an
effort to squeeze more money out of you.
I've had to make a few support calls and they've been really onto it.
We have one nasty demo we do with the Netscreens. We go onsite to a customer
and put a Netscreen in behind their existing firewall in transparent mode,
and leave it running for 24 hours, come back the next day and see what it's
picked up. Usually (especially in the case of the PIX), there's lots.
What I'd recommend you do is get hands on with all three. Get pricing, and
make sure you get the maintenance support pricing as well (this can make a
huge difference). Beware of the Cisco Clones, they often tell you the PIXes
can do stuff they actually can't.
Make sure you get a demo of Deep Inspection running if you don't intend to
use any internal IDP devices.
"Alan Strassberg" <firstname.lastname@example.org> wrote in message
> I am evaluating firewalls for a large (50,000 user) corporation.
> Gartner's magic quadrant shows Netscreen (Juniper), Checkpoint,
> and Cisco as the top.
> Would like to hear net.wisdom what the reality of what you run
> and why you love or hate it. Does support resolve issues? Can
> a firewall team maintain 30 firewalls globally?