Tally List : mailing list management, archiving, and analysis
click for archive home
 
Archive of:
Imail Forum
Ipswitch list for Imail
 
home
24 hour view
quick stats
weekly updates
 
all tallylists
corporate solutions
archive your favorite
help / feedback

Search the Tallylist search by keyword:
About Imail :
product's home
product's list home
 
   Archived TallyList / Imail Forum: 
Subject: Re: OT: Firewalls
Dave Marchette (85p/+2r)     Posted: Sunday 18 Feb 2001
This post: 28 views, +0 rating
My $.02 on Firewalls. Not really OT if you own an Imail server and want to defend it from evil people who hate you :(

--- *.nix, BSD: Several nice free solutions, VERY powerful, quick, efficient, but still hybrid (hardware\software) based. --- PIX: So-so, industry standard but not allot of bang for buck(typical Cisco) --- Nokia: a bit on the inefficient side at times, even worse under full wire speed. --- SonicWall and Gnat: Nice lightweight boxes but do not seem to react well (lockup) when you throw even close to the max number of simultaneous connections at 'em --- Netscreen: After 4 months of tedious and ehxaustive comparative analysis, I am in the process of moving a 50 location enterprise to Netscreen firewalls. A pair of NS10's on the main backbone and NS5E's for each location. Because: --- 1 ASIC driven: all processing is done with custom app specific chips, instead of trying to morph a 68xxx and 5536x into a firewall (i.e. Cisco) --- 2 Wirespeed ability: Though most of these FWs work at wirespeed... have you measured them? The NS-100 boxes actually throughput at 100M\Sec under full load (10,000 simultaneous connections) and still maintain decent availability to legit connections even during an attack condition. --- 3 Fully IPSEC compliant VPN ability. I like VPN. The fact that I can run 10,000 Lan-Lan 3DES IKE controlled(key changes every 5 seconds)fully routed tunnels through a pair of highly-availability boxes had a certain appeal to me. Though I only use 50 lan-lan tunnels, it is nice to know I can expand to 10,000. --- 4 Two irrelevant factors for us but appealing to most: cost and configurability. These boxes are cheap and easy to configure. When it comes to protecting a large enterprise, cost should really not be an object these days when any @ss with a PC can download a script to DoS a PIX in 10 seconds flat. Nevertheless NS boxes are relatively cheap compared to the other hardware based solutions we tested. --- 5 NS tech support is arrogant and cocky. Luckily these boxes are easy to configure but if you do need to call support, make sure you are drunk first, else you are likely to take it personally. ---

I am definitely no security expert but if you have any further questions you can contact me off the list, addy is in the headers.

Dave

----- Original Message ----- From: Phil Daws To: IMail_Forum@list.ipswitch.com Sent: Sunday, February 18, 2001 2:18 AM Subject: [IMail Forum] OT: Firewalls

Hi ...

We are deciding on whether to purchase SonicWall Pro or GnatBox GB-1000. Have any of you had experience with either of these two products? Any feedback would be appreciated.

regards

Phil

Similar Subject Line Posts (+/- two weeks of this post)
Re: OT: Firewalls  18 Feb 2001 (this post)   (28 v/ +0 r)
Re: OT: Firewalls  18 Feb 2001   (17 v/ +0 r)
Re: OT: Firewalls  18 Feb 2001   (21 v/ +0 r)
Re: OT: Firewalls  18 Feb 2001   (16 v/ +0 r)
OT: Firewalls  18 Feb 2001   (18 v/ +0 r)
 
Send a reply to the Imail Forum list!
click to send a reply! NOTE: Many lists will reject your post unless you have already registered with them. Also - don't forget the right account to send from (for those with multiple emails!)
Feedback: If this post was exceptionally helpful, please help by giving this post a positive review.

 
TallyList : copyright Ububik - 2000