I have to support CheckPoint, NetScreen and PIX in our datacenters and I have a NetScreen 5 and SonicWall Pro 200 sitting on my desk to test different scenarios dealing with XP and syslog messaging.
The NetScreen is simple to configure and can be used in transparent mode (i.e. bridging). Since I am not really into reading manuals a found this the easiest of all four firewalls to configure without reading a book. What I like about this box is that when you use it in transparent mode you don't have to make any router changes, subnet re-allocations, etc. The downside to this is that you cannot VPN to a NetScreen in transparent mode since there is no defined IP on the external interface.
My main complaint about the SonicWall is the console interface. It is really non-existent when if comes to configuring the box via command line syntax. I favor the NetScreen over the SonicWall when it comes to configuring it.
The PIX is a PIX. I rather configured this box using the command line syntax rather then depending on the GUI interface so that I can fully understand what is going on in the box. This box has not given us any problems that are worth mentioning, however, I have only dealt with the 515's and above series models.
Final note: From a performance issue I believe the NetScreen uses an ASIC chip whereas the PIX'ie uses the Intel CPU. Could someone on the mailing list confirm this.
Have a decent day,
David Shimamoto
Senior Security Engineer
AppliedTheory Communications, Inc.
Syracuse, New York 13088
(315) 453-2912
At 08:32 AM 2/21/02 -0500, you wrote:
Hi Mike,
From my own recent experience with Netscreen, make sure to give yourself plenty of time for learning how to configure it and plan to spend time on the phone with technical support. Both the documentation supplied with the product and the resources available online are extremely limited. Apart from that, I have not experienced any significant issues with the appliance itself. There also appear to be many resellers of Netscreens on this list.
My experience with Sonicwall is limited to one client who has several. Unfortunately, that experience is helping them set up an interim solution while they are waiting for replacement units. I don't have enough data to say whether the problem is endemic throughout their product line but, this particular client has had two of the SOHO and one Sonicwall Pro (I know - lower end products then what you are looking at) give up the ghost. To their credit, replacement was not an issue but, it did take time.
Hope the downside information helps you prepare for your project.
Regards
Ken
- -----Original Message-----
- From: Ralph Los [mailto:[EMAIL PROTECTED]]
- Sent: Wednesday, February 20, 2002 5:17 PM
- To: 'Mike Guadagnino'; [EMAIL PROTECTED]
- Subject: RE: Firebox/SonicWall/Netscreen
- NetScreen. Don't waste your time on the rest, trust someone who works with them all every day.
- ----------------------------------------|
- Ralph M. Los
- Sr. Security Consultant and Trainer
- EnterEdge Technology, L.L.C.
- [EMAIL PROTECTED]
- (770) 955-9899 x.206
- ----------------------------------------|
- ::-----Original Message-----
- ::From: Mike Guadagnino [mailto:[EMAIL PROTECTED]]
- ::Sent: Wednesday, February 20, 2002 3:09 PM
- ::To: [EMAIL PROTECTED]
- ::Subject: Firebox/SonicWall/Netscreen
- ::
- ::
- ::Hi there -
- ::
- ::After a fair amount of research I have narrowed my choices to these 3
- ::products:
- ::
- ::FireBox 1000
- ::SonicWall 200
- ::NetScreen 25
- ::
- ::These were based on performance with a big emphasis on ease
- ::of use (being a one man show here), for under $5000. I have
- ::about 300 clients connected to the Internet on a T1. I will
- ::be hosting a mail and multiple web servers (all with fairly
- ::low usage). Eventually about 50 of my users will be given VPN access.
- ::
- ::Just looking for any insights or comments on any of these
- ::products. Or, God forbid, any product I may have overlooked
- ::in this category.
- ::
- ::Thanks!
- ::Mike
- ::_______________________________________________
- ::Firewalls mailing list
- ::[EMAIL PROTECTED]
- ::http://lists.gnac.net/mailman/listinfo/firewal::ls
- ::
