Solved

Wich Firewall can be the best ?

Posted on 2006-07-20
22
598 Views
Last Modified: 2013-11-16
Hi ,

Wich one of the next three firewalls is a better choice ?

Sonicwall Pro 4100
WatchGuard Firebox X1250e
D-link DFL1600

I already received suggestions about Cisco PIX series and Juniper Netscreen but they are out of my budget.
Thanks
0
Comment
Question by:gzarate
  • 10
  • 6
  • 4
  • +2
22 Comments
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17149842
umm....the DFL1600 is in your price range (which I'm finding for over $3000), but the cisco (an ASA 5510 for ~$2000) and junipers aren't

What exactly is your budget anyway.

Of the three, (never used any, but have used a dlink firewall before) I'd go with the Sonicwall (heard the most good things about it)

However there may be some other firewalls.  If you say what your budget is, we might be able to make some better recommendations
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17150604
The 3 firewalls listed are well above $3,800+.  Dlinks, Sonicwalls, watchguard are not firewall market leaders.
I would get a Cisco ASA 5510 going for $2,400, which is one of the firewall market leaders.

sonicwalls government and small businesses mainly use these, they have proven to be unreliable.  Their support is the best out of the 3 you listed.  also, probably the best support out in the market beating CheckPoint, PIX, and Juniper.

watchguards has the tendency of putting a lot of functionality into one box, like web filtering, antivirus protection, which really don't belong on a firewall and makes the firewall service very weak.  just like if you want a photo printer, do you go just for a photo printer or do you buy a multifunctional printer that does printing, scanning, copying, faxing.

dlinks support is very bad and they don't update their OS too often.  With this in mind it's been proven to be unreliable.  They really should stick to residential customers and not embrass themselves in the commerical market.

I hope this helps.

David
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17150664
plus if you list what you actually want and the horsepower you need we can also make a better recommendation.  Heck a PIX 506E or 501 (granted they are being end-of-lifed though) or a Juniper Netscreen 5GT might be good enough (~$1000).
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:gzarate
ID: 17153875
As my backbone is gigaspeed , I am looking for a gigaspeed firewall with the capabilities to support branch office VPN and DMZ zone , I don´t need antivirus protection and other security services because I already have an appliance doing so. Probably the only service I could use is the url filtering but nothing else.

I am willing to pay $5,000 and no more


0
 

Author Comment

by:gzarate
ID: 17153948
I forgot to say that VoIP and Videoconference are part of the traffic on my network.

I don´t want to get confused,  Cyclops3590 you said you have heard the most things about Sonicwall but Pentrix2 says the opposite.

0
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 250 total points
ID: 17154052
take my comment with a grain of salt.....i've never used one, i'm only going off what I've heard in passing from others

Personally I'm a Cisco guy, but I'd also look at Juniper if forced to.  However those are the only two brands for enterprise firewalls I'd consider (just my opinion though)

Many others use watchguard, sonicwall, and maybe even dlink (although I doubt it) and are happy.

Btw, if only your backbone is gigabit, then is the port the firewall would be plugged into also gigabit.  If not, then its worthless spending the extra money for it.  If so, then are any other hosts also plugged into gigabit ports.  If not, then its questionable that you really need that capability.  But if you do need gig ports on the firewall, look at the ASA 5520 for Cisco
0
 

Author Comment

by:gzarate
ID: 17154170
The whole network is gigaspeed, switches , webshield appliance and actually the router is going to be gigabit too ( Cisco 2821).

0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17154220
gotcha, then if you went with Cisco it'd be the ASA 5520 then, but that's out of your price range then
0
 

Author Comment

by:gzarate
ID: 17154272
Do you have any idea how much that can be ?
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17154295
showing ~$5500 from CDW
0
 

Author Comment

by:gzarate
ID: 17154314
There is a huge difference between the ASA 5520 and the PIX525 ( $9935)
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17154333
plus even though the PIX 525 can support PIX OS 7.x the PIX family is getting phased out for the ASA family
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17155808
Question .. Unless you connections coming out of the network are gigaspeed what does it matter since your internet connection is going to be the slowest spot so why bother spending the extra for gig ports on the firewall
0
 
LVL 9

Accepted Solution

by:
Pentrix2 earned 250 total points
ID: 17159918
If the internet pipe is gigabit then usually cost is not an issue, which customers usually have a catalyst 6500 with an FWSM to produce gigabit backpane throughput.  Depending on the amount of traffic passing will determine what particular Cisco ASA will be required.  Also, keep in mind of future growth, will it double in size in the next 2 years.

David
0
 

Author Comment

by:gzarate
ID: 17171351
I agree with Pentrix2 about keeping in mind the future growth plus the Corporate policies say that I am going to keep it at least 4 years .

What about using the Juniper SSG 520 instead of the CISCO ASA 5520 ?
0
 

Author Comment

by:gzarate
ID: 17171386
Just for letting you guys now that the SoncWall Pro 4100 is about $5200 very close to the CISCO ASA 5520
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17171704
I would either do one of the other, Cisco ASA 5520 or Juniper Netscreen 208.  I prefer Cisco ASA 5520 because it has gigabit interface and has support for an IPS module.  I wouldn't do the SonicWall Pro 4100 because it's unreliable and it's throughput does not match the Cisco ASAs.  If you do Cisco ASA remember to get the Security Plus license because it'll increase all areas dramatically or else it wouldn't be worth getting.  They should run another $1,600 extra.

David
0
 

Author Comment

by:gzarate
ID: 17184274
Pentrix2,

Is not the Juniper Netscreen 208, it is the SSG 520  and it has gigabit interface too .
0
 

Author Comment

by:gzarate
ID: 17218870
After doing a deep comparasion between the Cisco ASA 5520 and the Juniper SSG 520, I will go for the Juniper, the tech specs are pretty much the same , Juniper has some advantages over Cisco incliding $800 difference in the cost.

Thank you for all your efforts, I feel confident now that I am going to get a good Firewall .

0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17220053
To give you a heads up.  Cisco ASA/PIX has a lot more support documents, links, user forum (like this one, www.experts-exchange.com) than Juniper Netscreens.  Also, from my professional experience I was fortunate to deploy and migrate both of these vendors (Cisco ASA and Juniper Netscreen) in a medium size environment and I can tell you the Cisco ASA is a lot more easier to configure.

Just my 2 cents.

:)

David
0
 

Author Comment

by:gzarate
ID: 17264092
I have no doubt Cisco is good ,however I decided to buy the Juniper SSG520 it looks more powerful device plus it is cheaper.

Thanks again
0
 

Expert Comment

by:coolfunsport
ID: 23801739
I am currently evaluating the ASA5510 vs SSG140. I'd like to know what your experience has been with the Juniper if that's what you finally went with. Also, what vendor did you  use to buy the Juniper or Cisco and what should I be looking to pay?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
assessing firewall rules 3 84
Direct Access 2012R2 Two Network Card Configuration Behind TMG 2010 3 49
DHCP lease issue ? 8 94
Is my Machine open to hackers 3 99
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question