Network Security Firewalls

RE: Choosing a firewall (was Re:firewall suggestion)

Subject: RE: Choosing a firewall (was Re:firewall suggestion)
Date: Wed, 23 Feb 2005 23:10:32 -0000
> Do you choose your firewall vendor/platform based primarily on best case
> claims for throughput, concurrent connections, and VPN tunnels?

I work in a client driven business, therefore it all depends on the solution
that is needed. If the client is linking to an IPVPN, for example, it is
important, as with certain businesses with many remote users, or managed
services, like co-loc terminal services.

For application layer protection I would use neither product; for serious
hosting, F5 or SEF is the road to go down.

-----Original Message-----
From: Kevin [mailto:kkadow@gmail.com] 
Sent: 23 February 2005 00:21
To: firewalls@securityfocus.com
Subject: Choosing a firewall (was Re:firewall suggestion)

On Thu, 17 Feb 2005 09:17:46 +0000, tom.farrar@it-ps.com
<tom.farrar@it-ps.com> wrote:
> The PIX 515 is far superior to netscreen's,

Do either PIX or Netscreen do full fragment reassembly yet?

> full stop(.) - by concurrent connections or VPN tunnel, or even
> throughput.

Do you choose your firewall vendor/platform based primarily on best case
claims for throughput, concurrent connections, and VPN tunnels?

Just playing devil's advocate here, but shouldn't security appliance selection
be driven by the *security* features implemented by each vendor?  I'd hope
that all vendors are pretty much on equal footing in the arena of stateful
inspection packet filter features, and the real differentiation would be in
layers 5-7, with buzzwords like signature scanning and protocol anomaly
detection and "application layer" attack mitigation taking center stage.

I see PIX has just now added "deep inspection" for a handful of protocols,
Netscreen has twice as many listed in their marketing literature.

Kevin Kadow
