Firewall Wizards mailing list archives

Re: Netscreen firewalls


From: Stephen Gill <gillsr () cymru com>
Date: Mon, 18 Dec 2006 10:17:24 -0700

I'm working now almost 10 years with Netscreen Firewalls.

Netscreen was founded in 1997 so we're nearly there ;).  Ah the good ol'
days of the gray NS5.

Yes, they have their little software bugs as every other piece of software,
but these bugs only show up if you do very complex installations with VPN
tunnels and OSPF and virtual firewalls.

Not exactly.  Quite a few interesting bugs have crept in over the years,
especially as new features are added.  For an old but basic example, see:

http://www.cymru.com/gillsr/documents/maximizing-firewall-availability.pdf

I've done a fair bit of lab testing for NS and some bugs have been more
interesting than others.  Netscreen have been great about documenting them
in the release notes however.   Don't always trust the categorization of
bugs, and look through all sections if you're really interested in spotting
security issues. 

I know PIX, Checkpoint, Fortinet, Sonicwall and quite some others, but the
only one that comes close is Fortinet. This one has some advantages on the
content inspection side, like virus scanning, but if it comes to network
integration with dynamic routing and VPN then Netscreen is my preferred one.

Netscreen has content and virus inspection as well although I've not used
them extensively. 

PIX and Checkpoint are 5 years behind compared to Netscreen and Fortinet.

I don't think that's entirely accurate - 5 years is a LONG time in firewall
years.  Five years ago Netscreen was still behind the competition in a few
areas.  A LOT has transpired in all vendors since then and Cisco has come a
long ways in terms of direction, features, etc.  The PIX is no longer their
top firewall platform either.   They are well ahead of the curve but I think
that is more characterized by how their interface and design is implemented.
Their differentiating factors are more in usability, design, maintenance.

Fortinet and Netscreen share the same former CEO, so it's not surprising they
have a very similar feel.  It will be interesting to see how Fortinet
continues to grow.  They've come a long ways from when they were founded in
2000.

In the whole time I work with Netscreen, they had a few minor bugs security
wise, but none of them rendered your firewall useless.

See above.
 
They are simple to configure and maintain.
...
My full recommendation.

Seconded!

Cheers,
-- steve

