RE: Firewall Hardware Recommendations

["Timothy Donahue" <tdonahue () Haynes-Group com>]

> I am not trying to question your working experience with WG: 
> I work for a
> company who support Watchguard, apart from other products 
> .... including
> Sonicwall and Borderware ...
>
> Since I started supporting Watchguard, around 2000, and may have
> criss-crossed about atleast 150 to 200 fireboxes / customers 
> or more, and
> still supporting a majority of this number, and the scenarios 
> you mentioned
> were (occasionally) showing up on the older softwares, where 
> they used a

I have a Firebox III 700, and I can verify the crashes happen.  Both
times, it was version 6.2.  I had one removing the VPN key, and another
one when all I was doing was applying a routing update. (I will admit
that I was changing all but one of the routes the Firebox knew, but
still....)  I also have had it just stop routing packets twice in the
last couple months.

I am getting ready to replace ours with a PIX or OpenBSD's PF in the
next couple of months.  We will probably go with the PIX, because of
Cisco's support, but I am using PF for all our internal firewalls.  If
you are looking for something stable, and secure, I would recommend
using one of those.  

I would recommend a Watchguard Firewall to a startup company, but from
the description of the Original Poster's network, it sounds like you
need something slightly more robust than what I have seen from the
Watchguard line.  In this case, I would recommend either the PIX or PF.
(Side note: I have heard that Checkpoint firewalls are excellent as
well, I just have never had the oportunity to use one.)

My $.02.

Tim Donahue

---------------------------------------------------------------------------
----------------------------------------------------------------------------