.

Sonicwall NSA UTM??

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Aug 22, 2008 12:56 am

Sonicwall NSA UTM??

I have a friend that asked the following question:

Have you ever tested the sonicwall NSA UTM as a web-app firewall? They are not in any of the bake offs, but they are swearing to me that it is that it can contend against Breach and F5. Just curious if you have anything to say about it. I did not see it on the owasp recommendations page.


I have no experience with this device, so I thought I'd throw it out to the crowd.

Thanks,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Fri Aug 22, 2008 10:23 am

Re: Sonicwall NSA UTM??

I was at a presentation last year where Joel from NetworkWorld did a presentation on in depth tested UTMs.  The consensus... on pretty much ALL UTMs... is that they are semi ok, then you turn on the firewall and generaly:

A:  The firewall sucks
B:  Thoughput drops like 50% to 80%. 

Then if you go about turning on ALL the bells and whistles, you're looking at turning your little UTM box into a fancy turd in a wonderfully expensive bottleneck to make your network go from Gigabit or 10 Gig to down in the 10Mb or so throughput.  Someone made mention at Blackhat to UTMs with firewalls on... I forget the exact wording, but I seem to remember Turd in a Box.  Obviously this isn't a definitive or personal experience I'm posting, but what I have read.  I would suggest doing an article search on NetworkWorld's website, or if you want slides from his talk I can probably post them.  It has all of the statistics on network setup, testing gear, and specific UTM models tested.
"Bad.. Good?  I'm the guy with the gun"

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software