Firewall Wizards mailing list archives

RE: CP Vs SonicWall Vs PIX Vs Netscreen Vs Symantec


From: "Josh Welch" <jwelch () buffalowildwings com>
Date: Fri, 15 Aug 2003 16:28:37 -0500

bit_suryanto80 () yahoo com sg said:
Hello,

We are currently evaluating several remote firewall
devices for broadband usage:

Checkpoint VPN1-pro
SonicWall
PIX-515E-UR
Intrusions PDS
Netscreen 50
Symantec Gateway Security 5300

I've been poking around the net for some recent
comparisons and what not about the different platforms
to no avail so I've decided to approach the user
community.

There will be several hundred at least and I figure
that some folks out there may have some interesting
thoughts or comments on the different platforms that
may have escaped us.  We are looking for the good, the
bad and the ugly.  The critical issues are:

  security issues of the individual platform

  management issues (sw, firmware, policy)

  mechanisms for managing virus sw revisions

  dual vs triple interfaces
    we'd like to separate "home" from "work"

thnx.u

I've been looking at a smaller deployment of the same type, I'll give you my
impressions so far. I am largely focusing on the PIX and NS at this point,
Checkpoint is beyond my budget, hadn't heard of Intrusions, and I've heard
rumblings of financial difficulties at Sonicwall that I have not yet
confirmed. I may look at the Symantec yet.
If these are for SOHO users (that's what I think of when I see broadband),
then you'd want to look at the Netscreen 5 and PIX 501 types. They are sized
more appropriately for these purposes.
I don't remember seeing AV capability in the PIX, the NS 5GT did or will
have it, can't remember. Then again, I don't know if I want that on my
firewall or not.
You can block ActiveX and Java thingies with the Netscreen, I don't know if
you can with the PIX (I've researched the Netscreen a fair bit, but am just
beginning on the PIX).
I don't like the web interface on the NS, web server on firewall makes me
nervous, but I am assuming I can turn it off.
Both NS and Cisco offer a central management solution, seems like a good
thing to invest in with a bunch of FW running, trying to convince management
of same. The NS Solution I looked at allowed for updating policies and
software revs.
As far as security of one versus the other, I don't know. They are both
certified by the ICSA labs, and have Common Criteria EAL 4 ratings with the
proper software revision, this seems like a good thing.

That's what I have so far,
HTH
Josh
