At a previous job (a college) compared sonic and pix, just a few notes on the sonic:
The XRPS had a limit on the number of (un)filtered ports of 127, required Java-enabled Netscape (no command line access), reset active connections on configuration change, no measurement tools available, didn't seem to support rsh, enforced use of idle session timeout (99 minutes max), management sessions were not encrypted, didn't seem to have a flexible network config (supported a single route - default), the concurrent session limit (I think was about 6000).
Never got a chance to try the VX, but I believe it has similar limitations, although I'm sure the concurrent session limit is higher (I think 120000).
-----Original Message-----
From: Andy Haigh [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 04, 2000 8:23 PM
To: 'Firewall List (E-mail)'
Subject: Choice of Firewall
Sorry resent as hit send button a bit early last time.
We are currently reviewing our firewall and have come down to the following
choices:
PIX 515
Checkpoint FW-1 on a Nokia Appliance
Sonicwall Pro-VX
Enternet 5.1
We are looking for a solution that provides connection to the internet via a
256k frame link, provides a DMZ and longer term allows us to have VPN
connections. The firewall will be serving about 100 users and as always the
choice will be dependent on price, but not solely.
The Cisco PIX 515 is reasonably cheap for us being a Cisco reseller and does
provide us with an upgrade path for the device. Configuration would not be
as easy due to having to use CLI, but I believe there is a GUI for
administrating the firewall at extra cost. It does provide VPN at an extra
cost and has got a high throughput. Support is available 24 x 7 at extra
cost and is normally very good.
The FW-1 solution from our research seems the easiest to use and has good
support from many lists, the company's support (Checkpoint) seems to be very
lacking. Though I believe we would actually be supported by Nokia. VPN
solutions available at extra cost. The cost of the product is also pretty
high, if you require more than two network cards.
The Sonicwall Pro-VX is one of the cheaper solutions and provides all we are
looking for as well as an accelerator card for VPN connections. Free firmware
downloads. Though the performance throughput for VPN was poor in a recent
test.
I have only recently started looking at Enternet 5.1 and so far am quite
impressed. Provides support for up to 16 ethernet connections has very high
throughputs and provides a VPN solution. Don't have any details yet on
pricing or support as yet. I believe v6.0 which will be released soon allows
for 64 individual interfaces, as well as transfer rates of about 500Mbps.
Please could you provide me with your thoughts on the products listed above, and
let me know which one you would choose if required, completely non-binding
:). Just trying to get a feel of other people's thoughts, as I am sure the
majority of you have more experience than I when it comes to Firewalls.
Thanks in advance for any advice provided.
Andy
