Solved

watchguard Vs netscreen

Posted on 2004-10-21
663 Views
Last Modified: 2013-11-16
Hello,
  I am considering watchguard x1000 or an equivalent Netscreen for a datacenter environment. Number of VPN connections is not that important however banwidth and thruput are most important. I will have around 6-8 web/app servers in DMZ ( combinations of redhat, solaris, w2k ). I have had bad experiences with sonicwall and will stay away from them. Iam also open to cisco pix but don't have much experience with cisco except lower end router configuration. I need to be able to support 800-1000 connections simultaneously among the webservers. The outbound is 1MBPS dedicated circuit ( I will get it upgraded soon). I can get my bosses to invest atmost $4K-5K. I have been maintaining ipfilters on su boxes and ip tables on redhat and find it very diffcult to maintain the rules constantly. Please suggest your exp with watchguard x1000 seriens or netscreen -25/50.

Thanks
0
Question by:danths
    4 Comments
     
    LVL 2

    Expert Comment

    by:fendermb4
    I would go with the Watchguard x1000.  The  proxy services on the fireboxes are really handy and have lots of higher layer features.  For instance, the SMTP proxy service can drop attachments right at the firewall that are of a particular mime type or filename.  You can also block by subject line right at the firewall.  The HTTP and FTP proxy services have lots of features to, like the ability to restrict outbound FTP to read only, or whatever you want.  These proxy services can stop a lot of attacks, and make it easy for you to mitigate the risks of viruses and whatnot.  Plus, the X series firewall have a lot of stuff coming out for them, like gateway antivirus scanning via a software key upgrade.  They are also software upgradeable, performance wise.  So if you outgrow the x1000, you can buy a key and upgrade it to the next level without tossing your investment in the X1000.

    It is extremely easy to manage VPN tunnels, and you'll have no trouble terminating IPSEC or PPTP tunnels.  

    I've installed an x1000 on a busy 4mbps connection and had no trouble with it at all.  

    Good Luck!  Enjoy your watchguard!
    0
     
    LVL 6

    Author Comment

    by:danths
    I need to put this firewall in front of few web servers serving 2 Million hits a day or roughly 30 hits every secondly not considering the burst factor wich could be as high as 10 times that number. WOuld watchguards serve that kind of thruput and simultaneous connections? I tried sonicwall and they couldn't.
    0
     
    LVL 2

    Accepted Solution

    by:
    Not a problem.  The X1000 is rated for 200,000 concurrent connections.  The X2500 is rated for 500,000 concurrent connections.  Also, you could start with an X1000 and upgrade it to a 2500 if it isn't keeping up.

    I had an X1000 installed for a company that did streaming media, lots of connections, lots of heavy traffic and it was great.
    0
     
    LVL 2

    Expert Comment

    by:fendermb4
    How is the decision coming?  Have you bought your Watchguard yet?
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    Title # Comments Views Activity
    Cent os 3way handshake 1 63
    GPR - Cannot telnet 15 79
    Unblock IP Address in Sonicwall 3 55
    Is my Machine open to hackers 3 58
    If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
    Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

    877 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now