
Firewalls

<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Apr 03, 2007 10:08 am

Firewalls

Our Symantec Firewall at work is dying. We're in the process of looking for a new one. Our contact at CDW has recommended Juniper. Our WAN guy wants to go with a Cisco PIX and someone else likes Checkpoint. What are everyone's suggestions on firewalls? Had a tougher time getting through one in comparison to another? To me they should all be close to the same (other than the type), but they're going to block or allow traffic the way you want so long as it's configured properly. Anyone have good/bad experiences with any specifically? I've also heard good things about Astaro, but I don't know much about them. Also, our current firewall is running DNS as well, so a new one that can do the same is preferable.

I personally would like to see a Cisco PIX or the Checkpoint as I'd like to learn about either.
Last edited by venom77 on Tue Apr 03, 2007 10:15 am, edited 1 time in total.
<<

Cutaway

Jr. Member

Posts: 96

Joined: Mon Nov 20, 2006 5:02 pm

Post Tue Apr 03, 2007 10:35 am

Re: Firewalls

You might want to check out Cobia http://cobia.stillsecure.com/.  I can get you in touch with Martin McKeay if you would like to talk to him about it.  PM me and I'll see what I can do.

Cutaway
Go forth and do good things,
Cutaway
<<

Negrita

Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Tue Apr 03, 2007 11:19 am

Re: Firewalls

The best is definitely Check Point, though they're rather expensive. You may want to check out Fortigate too. Personally I wouldn't touch a PIX with a barge pole. But that's just my opinion (based on previous work experience).
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
<<

LSOChris

Post Tue Apr 03, 2007 11:48 am

Re: Firewalls

OK, do tell why the Cisco PIX is sucky.
<<

slimjim100

EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Tue Apr 03, 2007 1:39 pm

Re: Firewalls

I use Juniper Netscreens and, for real low end clients, Sonicwall. I have been burned with Pix's low end firewalls in the past and I consider myself pretty good with most Cisco products. I just like the implementation by Juniper/Netscreen, with how their firewalls are like putty you can shape. You have full control over what ports are trust or un-trust or whatever you would like to name them, you can set rules in any fashion that fits what you need, and for VPN solutions the Netscreens are just rock solid.


My $0.02

Brian

(BTW you can find the older NS5 firewalls on e-bay for less than $50 each.)
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

CadillacGolfer

Newbie

Posts: 36

Joined: Thu Dec 14, 2006 1:58 pm

Post Thu Apr 05, 2007 3:38 pm

Re: Firewalls

As with any technology implementation, what is "best" is dependent on what your requirements are.

  Do you have a need to manage many firewalls and wish to do so from a single console for policies and logging? Then maybe Checkpoint is best.

  Do you have really high bandwidth needs and have a ton of VPN clients coming in? Well, then Netscreen might be your choice.

  Does your security policy or risk analysis make you move more toward a proxy type firewall versus a stateful inspection firewall? Then maybe Sidewinder is best.

  etc., etc., etc.

Every vendor will always claim to solve all your needs when the truth is something different.
<<

estriches

Newbie

Posts: 29

Joined: Mon Apr 16, 2007 1:56 pm

Post Tue Apr 17, 2007 2:36 pm

Re: Firewalls

We run a Symantec enterprise appliance that does real nice and also load balances two T1s we have at work. We currently run about 100 people out of that appliance and it has held up pretty nicely.
C|EH, C++ programmer
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Apr 17, 2007 6:33 pm

Re: Firewalls

Yeah.. our Symantec seemed to do the job, but has had too many issues with shutting down and not coming back up.

FYI/Update: We decided to go with the Juniper firewall. Thanks everyone for your suggestions/advice :)
<<

oyle

Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Tue Apr 17, 2007 7:27 pm

Re: Firewalls

As far as my limited experience, I would go for the PIX. The PIX may be sucky, like Negrita says, but it is by far the industry standard, and the most efficient out there. I hate to get into all cliches and everything, but you get what you pay for.

Cisco is a lot of work; you'll need to do your homework on it, but I'd bet that anything you need to do, a PIX will do it for you.

My 10 cents.
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

oleDB

Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Thu Apr 19, 2007 2:32 pm

Re: Firewalls

Juniper is the hands down winner in throughput. When we tested several products in the lab a few years back, it wasn't even close. I also like Checkpoints very much. They are very easy to use and allow you to use 3rd party hardware if needed. The only one product I wouldn't recommend is the PIX. For me it scores low on every category you could possibly want in a firewall. But for some reason, router guys feel more comfortable with it because they know Cisco, but don't know firewalls. Also, since Cisco sales guys are already selling companies routers/switches, they always have an edge. If money is no object and you're going for the best firewall you can get, you can't go wrong with Juniper or Checkpoint.
