Solved

Firebox X500 vs Symantec Gateway 360R

Posted on 2004-09-13
3
358 Views
Last Modified: 2010-04-09
Hello experts.

We have a 50 user company. I was looking to get a firewall, and after a some research, desided to go with Firebox X500.
My reasoning was: good reviews, easy to maintain, and not very complicated in settings.
Recently though, i saw Symantec Gateway Security 360R, and thought that it might be a better choice, price wise.

From what i see, main difference is firewall throughput Sym 60Mgbs and Firebox 100Mgbs, and VPN Sym 15Mgbs and firebox 20Mgbs.
Can you guys briff me on other differences that might be important, and a little definition on Throughput would be great too :)

thank you
0
Comment
Question by:dialbat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 125 total points
ID: 12050191
Firebox X500 is a better firewall due to its application level filtering - whereas the Symantec firewall does not (only does stateful packet inspections).  I would definitely forgoe wireless upgradability for that alone.

Throughput is just how much data the firewall can handle at once - both incoming and outgoing.  Since each of the packets must be analyzed for security, every firewall (software, hardware, or both combined) has a limit as to how much it can handle at once.
0
 

Author Comment

by:dialbat
ID: 12050403
Thanks Lime.
But can u add some more on wireless, adding it to X500? good bad?
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12050535
Well the wireless option on the Symantec is pretty much sticking a notebook wireless card in the PC Card slot on the side.  This option truly is bizarre as my firewall is deep within an air conditioned room surrounded by wires and power cables that would probably limit the Symantec's wireless range to just outside the locked steel door.  I don't understand what they were thinking when they offered this option...  anyways...

With any wired layout you can just add wireless just by plugging an access point into the network regardless of what firewall you have (it's just that easy).  Now for the bad part.  Adding an access point to the network increases your point of attack from one (the firewall) to two - the firewall and the access point.  If you decided you were fed up with hackers and decided to block all access to and from the net in the firewall (or just unpluged the WAN by accident...), intrusion can still be had via the access point.

My current network has an access point but it is simply for some 802.11b wireless spy cams - don't ask me... the boss wanted it.  I am filtering wireless access by MAC address which hardens the access point's security... in addition to a 128 bit WEP key.  My opinion on wireless:  Unless you have a really strong reason for using wireless (like if the CEO just wanted to use his wireless laptop or something), I wouldn't rush out and get a wireless access point - especially in areas where there's a lot of people (NYC, LA, etc...).  Wireless hijacking is really common in those areas - in fact there are 6 unprotected wireless networks in my apartment building alone (sigh...).

Again, if it fits your needs, get it.  Otherwise, avoid it like the plague.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question