As Hammer stated, you hit all the big ones.

ASAs are a classic fallback because of the stability implied by the Cisco 
name.  Complaints about them tend to be cost on getting all the shiny bits 
attached to them (IDS, IPS, Content filtering).  This coming from a Cisco 
partner.  I am not a Netscreen fan myself due to past experiences and sour 
tastes.  Checkpoints are OK, but I don't like the application need for 
configuring on SMB appliances.  

Add to the list Sonicwall.  We use them primarily for our customers at work and 
are partners with them as well.  They have appliances that go from 10 office 
size to Active/Active HA pairing that can do multi-Gbit of throughput.  They 
support all the standard features you look for: IPSEC VPN, SSLVPN, L2TP, VLAN 
Interfaces, Dynamic routing support (OSPF and RIP in small models, BGP in the 
larger), LDAP auth for all of the above, content filtering, IPS, IDS, Anti 
Spyware stateful blah blah and centralized management.  Some of the newer 
things that are gaining popularity that you can license are the App 
Visualization (think netflow in a web UI with good filters), WAN Acceleration 
modules via a VMware Appliance, RBL Filtering (which can be applied to just 
about anything), DPI-SSL inspection for https traffic, Active/Active HA, 
Physical port redundancy per appliance, list goes on.  Configuration logic is 
similar to an ASA, however takes a little to get used to.  The nice thing is 
everything in the config is name based and searchable within the WebUI and you 
can talk non technical people through making changes in the config if you have 
to.  

The feature list is growing every day, and I almost prefer them anymore just 
because of the simplicity as well as the scalability.

Ping me if you have more questions or want a few example setups.

Blake

-----Original Message-----
From: Jones, Barry [mailto:bejo...@semprautilities.com] 
Sent: Tuesday, November 08, 2011 4:07 PM
To: nanog@nanog.org
Subject: Firewalls - Ease of Use and Maintenance?

Hello all.
I am potentially looking at firewall products and wanted suggestions as to the 
easiest firewalls to install, configure and maintain? I have a few small 
networks (50 nodes at one site, 50 odd at another, and maybe 20 at another). I 
have worked with Cisco Pix, ASA, Netscreen, and Checkpoint (Nokia), and each 
has strong and not as strong features for ease of use. Like everyone, I'm 
resource challenged and need an easy solution to stand up and operate.

Feel free to ping me offline - and thank you for the assistance.

----------------------------------------
Barry Jones - CISSP GSNA
Project Manager II
Sempra Energy Utilities
(760) 271-6822

Please don't print this e-mail unless you really need to.
----------------------------------------

