RE: Which one to choose: Checkpoint,Cisco,Juniper Netscreen

The new Astaro appliances are also very nice for lower volume per unit
scenarios, and have a vast array of anti-spam, anti-spyware, IDS/IPS
(inline snort), and reporting features.  And they are cheap.  We were
going to go with Netscreen, but ended up going with the Astaro as it did
all the same stuff and more (and we needed certain security features as
opposed to pure performance).  The Astaro units have full routing, VPN,
authentication, NAT, high availability, etc.  They just don't make them
as big as the high end PIX/Netscreen/Checkpoint boxes.  Of course, you
can also buy the distro and throw it on your own gear, as a build your
own gateway kind of deal.

Otherwise, I definitely second the Netscreens.  Especially for higher
volumes.

Chris J. Cooper

-----Original Message-----
From: Charles Antrim [mailto:chuck@antrim.org] 
Sent: Saturday, May 07, 2005 9:11 AM
To: Guillome Main
Cc: firewalls@securityfocus.comfirewalls@securityfocus.com
Subject: Re: Which one to choose: Checkpoint,Cisco,Juniper Netscreen

I recommend the Juniper Netscreen.

The Netscreen does all that you require below.

If
On May 6, 2005, at 2:49 AM, Guillome Main wrote:

>  Hi All,
>
> I would like to ask some advice from you. I need to buy a firewall/vpn

> appliance for my business.
> Here is what we have now:
> Two hosted servers at ISP location.
> These two servers need at least 50-10 site-to-site vpn connection to 
> other parties remote locations and remote user vpn access as well.
> The maximum daily traffic is 100Mb at the moment, but will increase in

> the future.
>
> Which manufacturer would you choose?
> I checked out:
> Cisco Pix 15
> Checkpoint Firewall-1
> Juniper Netscreen 25-50
>
> Here are the requirements:
>
> Firewall/VPN appliance requirements
>
> Firewall:
> -    Protocol anomaly detection
> -    Deep inspection/application level: http, ftp, smtp, pop, dns, stb
> -    NAT / PAT
>
> VPN:
> -    Concurrent Branch Office Site-to-Site VPN tunnels: min 10
> -    Mobile user VPN tunnels: up to 50
> -    Tunnel interfaces: min 10
> -    Encryption: DES, 3DES, AES
> -    Authentication algorithms: MD5, SHA1
> -    Authentication type: Preshared Key, IKE, PKI(X.509), L2TP/IPSEC,
> PPTP, CHAP, MSCHAP, MSCHAPv2, and PAP
> -    Perfect forward secrecy (PFS): DH Group 1,2,5
> -    IPSEC NAT-T
> -    IPSEC in Transport Mode not only in Tunnel Mode (net-to-net,
> host-to-net, host-to-host)
> -    VPN User connection with VPN clients
>
> Firewall and VPN User authentication:
> -    built in database: up to 100 users
> -    3rd party authentication: RADIUS, RSA SecureID, LDAP
> -    Authentication method: web based, client based (3rd party VPN  
> client
> or MS Windows built-in)
>
> High Availability (optional):
> -    network load balance capability or
> -    active-passive cluster capability (fail-over)
>
> IP Address Assignment:
> -    Static
> -    DHCP
>
> System management:
> -    WebUI
> -    Console
> -    SSH
> -    Real-time monitoring
> -    Historical reporting
> -    Alarm, event notification
>
> Administration:
> -    configuration roll-back
> -    applying minor access or configuration changes without restarting
> the device
>
>
>
>
> WSAPP:
> Ez a level virusellenorzesen esett at!
> This message was checked against viruses!