Solved

Wich Firewall can be the best ?

Posted on 2006-07-20
22
596 Views
Last Modified: 2013-11-16
Hi ,

Wich one of the next three firewalls is a better choice ?

Sonicwall Pro 4100
WatchGuard Firebox X1250e
D-link DFL1600

I already received suggestions about Cisco PIX series and Juniper Netscreen but they are out of my budget.
Thanks
0
Comment
Question by:gzarate
  • 10
  • 6
  • 4
  • +2
22 Comments
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17149842
umm....the DFL1600 is in your price range (which I'm finding for over $3000), but the cisco (an ASA 5510 for ~$2000) and junipers aren't

What exactly is your budget anyway.

Of the three, (never used any, but have used a dlink firewall before) I'd go with the Sonicwall (heard the most good things about it)

However there may be some other firewalls.  If you say what your budget is, we might be able to make some better recommendations
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17150604
The 3 firewalls listed are well above $3,800+.  Dlinks, Sonicwalls, watchguard are not firewall market leaders.
I would get a Cisco ASA 5510 going for $2,400, which is one of the firewall market leaders.

sonicwalls government and small businesses mainly use these, they have proven to be unreliable.  Their support is the best out of the 3 you listed.  also, probably the best support out in the market beating CheckPoint, PIX, and Juniper.

watchguards has the tendency of putting a lot of functionality into one box, like web filtering, antivirus protection, which really don't belong on a firewall and makes the firewall service very weak.  just like if you want a photo printer, do you go just for a photo printer or do you buy a multifunctional printer that does printing, scanning, copying, faxing.

dlinks support is very bad and they don't update their OS too often.  With this in mind it's been proven to be unreliable.  They really should stick to residential customers and not embrass themselves in the commerical market.

I hope this helps.

David
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17150664
plus if you list what you actually want and the horsepower you need we can also make a better recommendation.  Heck a PIX 506E or 501 (granted they are being end-of-lifed though) or a Juniper Netscreen 5GT might be good enough (~$1000).
0
 

Author Comment

by:gzarate
ID: 17153875
As my backbone is gigaspeed , I am looking for a gigaspeed firewall with the capabilities to support branch office VPN and DMZ zone , I don´t need antivirus protection and other security services because I already have an appliance doing so. Probably the only service I could use is the url filtering but nothing else.

I am willing to pay $5,000 and no more


0
 

Author Comment

by:gzarate
ID: 17153948
I forgot to say that VoIP and Videoconference are part of the traffic on my network.

I don´t want to get confused,  Cyclops3590 you said you have heard the most things about Sonicwall but Pentrix2 says the opposite.

0
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 250 total points
ID: 17154052
take my comment with a grain of salt.....i've never used one, i'm only going off what I've heard in passing from others

Personally I'm a Cisco guy, but I'd also look at Juniper if forced to.  However those are the only two brands for enterprise firewalls I'd consider (just my opinion though)

Many others use watchguard, sonicwall, and maybe even dlink (although I doubt it) and are happy.

Btw, if only your backbone is gigabit, then is the port the firewall would be plugged into also gigabit.  If not, then its worthless spending the extra money for it.  If so, then are any other hosts also plugged into gigabit ports.  If not, then its questionable that you really need that capability.  But if you do need gig ports on the firewall, look at the ASA 5520 for Cisco
0
 

Author Comment

by:gzarate
ID: 17154170
The whole network is gigaspeed, switches , webshield appliance and actually the router is going to be gigabit too ( Cisco 2821).

0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17154220
gotcha, then if you went with Cisco it'd be the ASA 5520 then, but that's out of your price range then
0
 

Author Comment

by:gzarate
ID: 17154272
Do you have any idea how much that can be ?
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17154295
showing ~$5500 from CDW
0
 

Author Comment

by:gzarate
ID: 17154314
There is a huge difference between the ASA 5520 and the PIX525 ( $9935)
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17154333
plus even though the PIX 525 can support PIX OS 7.x the PIX family is getting phased out for the ASA family
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17155808
Question .. Unless you connections coming out of the network are gigaspeed what does it matter since your internet connection is going to be the slowest spot so why bother spending the extra for gig ports on the firewall
0
 
LVL 9

Accepted Solution

by:
Pentrix2 earned 250 total points
ID: 17159918
If the internet pipe is gigabit then usually cost is not an issue, which customers usually have a catalyst 6500 with an FWSM to produce gigabit backpane throughput.  Depending on the amount of traffic passing will determine what particular Cisco ASA will be required.  Also, keep in mind of future growth, will it double in size in the next 2 years.

David
0
 

Author Comment

by:gzarate
ID: 17171351
I agree with Pentrix2 about keeping in mind the future growth plus the Corporate policies say that I am going to keep it at least 4 years .

What about using the Juniper SSG 520 instead of the CISCO ASA 5520 ?
0
 

Author Comment

by:gzarate
ID: 17171386
Just for letting you guys now that the SoncWall Pro 4100 is about $5200 very close to the CISCO ASA 5520
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17171704
I would either do one of the other, Cisco ASA 5520 or Juniper Netscreen 208.  I prefer Cisco ASA 5520 because it has gigabit interface and has support for an IPS module.  I wouldn't do the SonicWall Pro 4100 because it's unreliable and it's throughput does not match the Cisco ASAs.  If you do Cisco ASA remember to get the Security Plus license because it'll increase all areas dramatically or else it wouldn't be worth getting.  They should run another $1,600 extra.

David
0
 

Author Comment

by:gzarate
ID: 17184274
Pentrix2,

Is not the Juniper Netscreen 208, it is the SSG 520  and it has gigabit interface too .
0
 

Author Comment

by:gzarate
ID: 17218870
After doing a deep comparasion between the Cisco ASA 5520 and the Juniper SSG 520, I will go for the Juniper, the tech specs are pretty much the same , Juniper has some advantages over Cisco incliding $800 difference in the cost.

Thank you for all your efforts, I feel confident now that I am going to get a good Firewall .

0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 17220053
To give you a heads up.  Cisco ASA/PIX has a lot more support documents, links, user forum (like this one, www.experts-exchange.com) than Juniper Netscreens.  Also, from my professional experience I was fortunate to deploy and migrate both of these vendors (Cisco ASA and Juniper Netscreen) in a medium size environment and I can tell you the Cisco ASA is a lot more easier to configure.

Just my 2 cents.

:)

David
0
 

Author Comment

by:gzarate
ID: 17264092
I have no doubt Cisco is good ,however I decided to buy the Juniper SSG520 it looks more powerful device plus it is cheaper.

Thanks again
0
 

Expert Comment

by:coolfunsport
ID: 23801739
I am currently evaluating the ASA5510 vs SSG140. I'd like to know what your experience has been with the Juniper if that's what you finally went with. Also, what vendor did you  use to buy the Juniper or Cisco and what should I be looking to pay?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now