WatchGuard vs NetScreen

I am considering a WatchGuard X1000 or an equivalent NetScreen for a datacenter environment. The number of VPN connections is not that important; however, bandwidth and throughput are most important. I will have around 6-8 web/app servers in the DMZ (combinations of Red Hat, Solaris, W2K). I have had bad experiences with SonicWall and will stay away from them. I am also open to Cisco PIX but don't have much experience with Cisco except lower-end router configuration. I need to be able to support 800-1000 connections simultaneously among the web servers. The outbound is a 1MBPS dedicated circuit (I will get it upgraded soon). I can get my bosses to invest at most $4K-5K. I have been maintaining ipfilters on Sun boxes and iptables on Red Hat and find it very difficult to maintain the rules constantly. Please suggest your experience with the WatchGuard X1000 series or NetScreen-25/50.


I would go with the WatchGuard X1000. The proxy services on the Fireboxes are really handy and have lots of higher layer features. For instance, the SMTP proxy service can drop attachments right at the firewall that are of a particular MIME type or filename. You can also block by subject line right at the firewall. The HTTP and FTP proxy services have lots of features too, like the ability to restrict outbound FTP to read only, or whatever you want. These proxy services can stop a lot of attacks, and make it easy for you to mitigate the risks of viruses and whatnot. Plus, the X series firewalls have a lot of stuff coming out for them, like gateway antivirus scanning via a software key upgrade. They are also software upgradeable, performance wise. So if you outgrow the X1000, you can buy a key and upgrade it to the next level without tossing your investment in the X1000.

It is extremely easy to manage VPN tunnels, and you'll have no trouble terminating IPSEC or PPTP tunnels.  

I've installed an x1000 on a busy 4mbps connection and had no trouble with it at all.  

Good luck! Enjoy your WatchGuard!
danths (Author) commented:
I need to put this firewall in front of a few web servers serving 2 million hits a day, or roughly 30 hits every second, not considering the burst factor, which could be as high as 10 times that number. Would WatchGuards serve that kind of throughput and simultaneous connections? I tried SonicWall and they couldn't.

Not a problem. The X1000 is rated for 200,000 concurrent connections. The X2500 is rated for 500,000 concurrent connections. Also, you could start with an X1000 and upgrade it to a 2500 if it isn't keeping up.

I had an X1000 installed for a company that did streaming media, lots of connections, lots of heavy traffic and it was great.

How is the decision coming?  Have you bought your Watchguard yet?