Educause Security Discussion mailing list archives
Re: Firewall replacement
From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Mon, 7 Mar 2011 13:26:36 -0500
I've had experience with Juniper, Cisco (some Pix, ASA 5540s) and Sonicwall. My reaction: The Sonicwall probably makes configuring vpns easiest and an experienced admin will have virtually no learning curve. Additionally it will probably do everything you want and somehow not really seem like it can. However, you may be occasionally frustrated by the simplicity and lack of under-the-hoodness (to make up a word) if you're coming from a Cisco enviroment. The ASA's on the other hand are a pretty good attempt, by Cisco standards, of making an appliance with a GUI interface that is actually useful and capable of doing almost everything you'd need to do and more- with a learning curve. You can get under the hood if you want to and get some good troubleshooting information too. Things can seem scattered around the interface a bit and occasionally unncessarily complicated (it's still a Cisco device), but there are a wealth of features. If you want to customize your pages, set group policies, integrate posture checking later you can do that. It can be as complicated or as simple as you need, IMHO. I'd say stability is good enough on most of the major names. For me it comes down to what I want to accomplish. If I need simple fast service because I'm dealing with many other things and all I need is simple vpn services and management overhead is my primary concern, then I might choose the Sonicwall. If features are the issue, I might choose the ASAs. Also, one thing you may want to look at is licensing options for the various platforms. D/C The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes:
We have been running a pair of ASA5520s in a failover cluster for firewall, client VPN connections and webvpn connections and they have worked well. Bruce Entwistle Network Manager University of Redlands From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D. Sent: Monday, March 07, 2011 8:15 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Firewall replacement We are beginning to look at replacing our Sonicwall firewalls. My experience is mostly with Cisco Pix, which were rock solid, and older ASA code running on Pix appliances. Are the new ASA appliances as stable as the old Pix boxes? Our needs are simple; stateful firewall, User VPN, site to site VPN, and a handful of SSL VPN connections if possible. I prefer appliances, but am open to any suggestions. Platform stability is my greatest concern. Anyone out there running a Linux FW appliance like Vyatta? If so experiences and feedback would be welcome. Thanks for any suggestions or feedback, Brian
Current thread:
- AD self service password reset ? Witmer, Robert (Mar 07)
- Re: AD self service password reset ? Kellogg, Brian D. (Mar 07)
- Re: AD self service password reset ? SCHALIP, MICHAEL (Mar 07)
- Re: AD self service password reset ? Ben Williams (Mar 07)
- Re: AD self service password reset ? SCHALIP, MICHAEL (Mar 07)
- Firewall replacement Kellogg, Brian D. (Mar 07)
- Re: Firewall replacement schilling (Mar 07)
- Re: Firewall replacement Entwistle, Bruce (Mar 07)
- Re: Firewall replacement Dexter Caldwell (Mar 07)
- Re: Firewall replacement King, Ronald A. (Mar 07)
- Re: Firewall replacement Jeff Kell (Mar 07)
- Re: AD self service password reset ? Ben Williams (Mar 07)
- Re: AD self service password reset ? Russ Leathe (Mar 07)
- Re: AD self service password reset ? Gallese, Brady T. (Mar 07)
- Re: AD self service password reset ? Chris Green (Mar 07)
- Re: AD self service password reset ? Francis, Greg (Mar 16)
- Re: AD self service password reset ? Rich Graves (Mar 17)