Sidewinder vs Netscreen as layer 3 firewall only.
From: Andy Davidson ($andy$_at_nosignal.org)
Date: 13 May 2005 16:16:50 GMT
I'm trying to compare the performance of a Netscreen ISG1000/2000 firewall
and a Secure Computing Sidewinder 1100C **as a layer 3 packet inspector**
rather than an application proxy ?
Regarding the Sidewinder, it might sound unusual to you that we may
buy a firewall which is mainly sold as an application proxy / layer
seven filtering device, in order to do stateful inspection, but one of
our suppliers is trying to push them to us as the perfect firewall for
This is what we are looking for.. (this will look terrible on google
if you don't use a fixed width font..)
| app servers/dbs
This is easy to visualise on the Netscreen firewall (3 security zones)
and the Sidewinder (3 burbs) so as far as I can see, there's no logical
reason why this would not work on both platforms.
The main differences I can see are :
* the Netscreen would give us IDS reports straight away, as soon as we
buy the ids blade.
* The Netscreen performance suffers, I am told, when IDS reporting is
turned on (this might not be the case at all. :-) )
* the Sidewinder 1100C is much cheaper
* the Sidewinder has a comfortable unix-style shell interface
* The peer support community for Netscreen is 'probably' larger.
We simply do not want or need the application proxy stuff, so that's
not an advantage, or ISP of the Sidewinder in this case.
How do the firewalls compare in this circumstance, please ?
-- http://fotoserve.com/ - Prints, Slides, Posters, Mugs, T-shirts,, Calendars, Jigsaws, Tableware, Caricatures, Greetings cards, Picture bags, Photo Album and Book covers, Canvas Prints, tissues and more ..... from your own digital images.