• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 668
  • Last Modified:

watchguard Vs netscreen

Hello,
  I am considering watchguard x1000 or an equivalent Netscreen for a datacenter environment. Number of VPN connections is not that important however banwidth and thruput are most important. I will have around 6-8 web/app servers in DMZ ( combinations of redhat, solaris, w2k ). I have had bad experiences with sonicwall and will stay away from them. Iam also open to cisco pix but don't have much experience with cisco except lower end router configuration. I need to be able to support 800-1000 connections simultaneously among the webservers. The outbound is 1MBPS dedicated circuit ( I will get it upgraded soon). I can get my bosses to invest atmost $4K-5K. I have been maintaining ipfilters on su boxes and ip tables on redhat and find it very diffcult to maintain the rules constantly. Please suggest your exp with watchguard x1000 seriens or netscreen -25/50.

Thanks
0
danths
Asked:
danths
  • 3
1 Solution
 
fendermb4Commented:
I would go with the Watchguard x1000.  The  proxy services on the fireboxes are really handy and have lots of higher layer features.  For instance, the SMTP proxy service can drop attachments right at the firewall that are of a particular mime type or filename.  You can also block by subject line right at the firewall.  The HTTP and FTP proxy services have lots of features to, like the ability to restrict outbound FTP to read only, or whatever you want.  These proxy services can stop a lot of attacks, and make it easy for you to mitigate the risks of viruses and whatnot.  Plus, the X series firewall have a lot of stuff coming out for them, like gateway antivirus scanning via a software key upgrade.  They are also software upgradeable, performance wise.  So if you outgrow the x1000, you can buy a key and upgrade it to the next level without tossing your investment in the X1000.

It is extremely easy to manage VPN tunnels, and you'll have no trouble terminating IPSEC or PPTP tunnels.  

I've installed an x1000 on a busy 4mbps connection and had no trouble with it at all.  

Good Luck!  Enjoy your watchguard!
0
 
danthsAuthor Commented:
I need to put this firewall in front of few web servers serving 2 Million hits a day or roughly 30 hits every secondly not considering the burst factor wich could be as high as 10 times that number. WOuld watchguards serve that kind of thruput and simultaneous connections? I tried sonicwall and they couldn't.
0
 
fendermb4Commented:
Not a problem.  The X1000 is rated for 200,000 concurrent connections.  The X2500 is rated for 500,000 concurrent connections.  Also, you could start with an X1000 and upgrade it to a 2500 if it isn't keeping up.

I had an X1000 installed for a company that did streaming media, lots of connections, lots of heavy traffic and it was great.
0
 
fendermb4Commented:
How is the decision coming?  Have you bought your Watchguard yet?
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now