danths

asked on

WatchGuard vs NetScreen

Hello,
I am considering a WatchGuard X1000 or an equivalent NetScreen for a datacenter environment. The number of VPN connections is not that important; however, bandwidth and throughput are most important. I will have around 6-8 web/app servers in the DMZ (combinations of Red Hat, Solaris, W2K). I have had bad experiences with SonicWall and will stay away from them. I am also open to Cisco PIX but don't have much experience with Cisco except lower-end router configuration. I need to be able to support 800-1000 connections simultaneously among the web servers. The outbound is a 1MBPS dedicated circuit (I will get it upgraded soon). I can get my bosses to invest at most $4K-5K. I have been maintaining ipfilters on Sun boxes and iptables on Red Hat and find it very difficult to maintain the rules constantly. Please share your experience with the WatchGuard X1000 series or NetScreen-25/50.

Thanks
fendermb4

I would go with the WatchGuard X1000. The proxy services on the Fireboxes are really handy and have lots of higher-layer features. For instance, the SMTP proxy service can drop attachments right at the firewall that are of a particular MIME type or filename. You can also block by subject line right at the firewall. The HTTP and FTP proxy services have lots of features too, like the ability to restrict outbound FTP to read-only, or whatever you want. These proxy services can stop a lot of attacks, and make it easy for you to mitigate the risks of viruses and whatnot. Plus, the X series firewalls have a lot of stuff coming out for them, like gateway antivirus scanning via a software key upgrade. They are also software upgradeable, performance-wise. So if you outgrow the X1000, you can buy a key and upgrade it to the next level without tossing your investment in the X1000.

It is extremely easy to manage VPN tunnels, and you'll have no trouble terminating IPSEC or PPTP tunnels.  

I've installed an x1000 on a busy 4mbps connection and had no trouble with it at all.  

Good Luck!  Enjoy your watchguard!
danths

ASKER

I need to put this firewall in front of a few web servers serving 2 million hits a day, or roughly 30 hits every second, not considering the burst factor, which could be as high as 10 times that number. Would WatchGuards serve that kind of throughput and simultaneous connections? I tried SonicWall and they couldn't.
ASKER CERTIFIED SOLUTION
fendermb4

How is the decision coming? Have you bought your WatchGuard yet?