The Ethical Hacker Network

BillV

Hero Member

Offline

Posts: 1892

Firewalls

« on: April 03, 2007, 10:08:54 AM »

Our Symantec Firewall at work is dying. We're in the process of looking for a new one. Our contact at CDW has recommended Juniper. Our WAN guy wants to go with a Cisco PIX and someone else likes Checkpoint. What's everyones suggestions on firewalls? Had a tougher time getting through one in comparison to another? To me they should all be close to the same (other than the type), but they're going to block or allow traffic the way you want so long as it's configured properly. Anyone have good/bad experiences with any specifically? I've also heard good things about Astaro, but I don't know much about them. Also, our current firewall is running DNS as well, so a new one that can do the same is preferable.

I personally would like to see a Cisco PIX or the Checkpoint as I'd like to learn about either.


« Last Edit: April 03, 2007, 10:15:19 AM by venom77 »	Logged

Cutaway

Jr. Member

Offline

Posts: 96

Cutaway

Re: Firewalls

« Reply #1 on: April 03, 2007, 10:35:28 AM »

You might want to check out Cobia http://cobia.stillsecure.com/. I can get you in touch with Martin McKeay if you would like to talk to him about it. PM me and I'll see what I can do.

Cutaway


	Logged

Go forth and do good things,
Cutaway

Negrita

Sr. Member

Offline

Posts: 299

Re: Firewalls

« Reply #2 on: April 03, 2007, 11:19:28 AM »

The best is definately Check Point though they're rather expensive. You may want to check out Fortigate too. Personally I wouldn't touch a PIX with a barge pole. But that just my opinion (based on previous work experience).


	Logged

CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.

LSOChris

Guest

Re: Firewalls

« Reply #3 on: April 03, 2007, 11:48:43 AM »

ok do tell why the cisco PIX is sucky.


	Logged

slimjim100

EH-Net Columnist
Sr. Member

Offline

Posts: 385

Re: Firewalls

« Reply #4 on: April 03, 2007, 01:39:46 PM »

I use Juniper Netscreens and for real low end clients Sonicwall. I have been burned with Pix's low end firewalls in the past and I consider my self pretty good with most Cisco products. I just like the implantation my Juniper/Netscreen with how there firewalls are like putty you can shape. you have full control over what ports are trust or un-trust or what ever you would like to name them you can set rules in any fashion that fits what you need and for VPN solutions the Netscreens are just rock solid.

My $0.02

Brian

(BTW you can find the older NS5 firewalls on e-bay for less than $50 each.)


	Logged

CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP

CadillacGolfer

Newbie

Offline

Posts: 36

Re: Firewalls

« Reply #5 on: April 05, 2007, 03:38:28 PM »

As with any technology implementation, what is "best" is dependent on what your requirments are.

Do you have need to manage many firewalls and wish to do so from a signle console for polciies and logging? then maybe Checkpoint is best

Do you have really high bandwidth needs and have a ton of VPN clients coming in? Well, then Netscreen might be your choice.

Does your security policy or risk analysis make you move more toward a proxy type firewall versus a stateful inspection firewall? then Maybe Sidewinder is best

etc, etc ,etc

Every vendor will always claim to solve all your needs when the truth is something different.


	Logged

estriches

Newbie

Offline

Posts: 29

Re: Firewalls

« Reply #6 on: April 17, 2007, 02:36:43 PM »

we run a symantec enterprise appliance that does real nice and also load balances two t1's we have at work. we currently run about 100 people out of that appliance and it has held up pretty nicely.


	Logged

C|EH, C++ programmer

BillV

Hero Member

Offline

Posts: 1892

Re: Firewalls

« Reply #7 on: April 17, 2007, 06:33:23 PM »

Yeah.. our Symantec seemed to do the job, but has had too many issues with shutting down and not coming back up.

FYI/Update: We decided to go with the Juniper firewall. Thanks everyone for your suggestions/advice


	Logged

Oyle

Sr. Member

Offline

Posts: 264

"Man. Nature. Technology".

Re: Firewalls

« Reply #8 on: April 17, 2007, 07:27:41 PM »

As far as my limited experience, I would go for the PIX. The PIX may be sucky, like Negrita says, but it is by far the industry standard, and the most effiecient out there. I hate to get into all cliches and everything, but you get what you pay for.

Cisco is a lot of work; you'll need to do your homework on it, but I'd bet that anything you need to do, a PIX will do it for you.

My 10 cents.


	Logged

MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
-Tapeworm

oleDB

Recruiters
Full Member

Offline

Posts: 236

Re: Firewalls

« Reply #9 on: April 19, 2007, 02:32:09 PM »

Juniper is the hands down winner in throughput. When we tested several products in the lab a few years back, it wasn't even close. I also like Checkpoints very much. They are very easy to use and allow you to use 3rd party hardware if needed. The only one product I wouldn't recommend is the PIX. For me it scores low on every category you could possibly want in a firewall. But for some reason, router guys feel more comfortable with it because they know cisco, but don't know firewalls. Also, since Cisco sales guys are already selling companies routers/switches, they always have an edge. If money is no object and your going for the best firewall you can get, you can't go wrong with Juniper or Checkpoint.


	Logged

Pages: [1] Go Up

« previous next »