Solved

Wich Firewall can be the best ?

Posted on 2006-07-20
22
594 Views
Last Modified: 2013-11-16
Hi ,

Wich one of the next three firewalls is a better choice ?

Sonicwall Pro 4100
WatchGuard Firebox X1250e
D-link DFL1600

I already received suggestions about Cisco PIX series and Juniper Netscreen but they are out of my budget.
Thanks
0
Comment
Question by:gzarate
  • 10
  • 6
  • 4
  • +2
22 Comments
 
LVL 25

Expert Comment

by:Cyclops3590
Comment Utility
umm....the DFL1600 is in your price range (which I'm finding for over $3000), but the cisco (an ASA 5510 for ~$2000) and junipers aren't

What exactly is your budget anyway.

Of the three, (never used any, but have used a dlink firewall before) I'd go with the Sonicwall (heard the most good things about it)

However there may be some other firewalls.  If you say what your budget is, we might be able to make some better recommendations
0
 
LVL 9

Expert Comment

by:Pentrix2
Comment Utility
The 3 firewalls listed are well above $3,800+.  Dlinks, Sonicwalls, watchguard are not firewall market leaders.
I would get a Cisco ASA 5510 going for $2,400, which is one of the firewall market leaders.

sonicwalls government and small businesses mainly use these, they have proven to be unreliable.  Their support is the best out of the 3 you listed.  also, probably the best support out in the market beating CheckPoint, PIX, and Juniper.

watchguards has the tendency of putting a lot of functionality into one box, like web filtering, antivirus protection, which really don't belong on a firewall and makes the firewall service very weak.  just like if you want a photo printer, do you go just for a photo printer or do you buy a multifunctional printer that does printing, scanning, copying, faxing.

dlinks support is very bad and they don't update their OS too often.  With this in mind it's been proven to be unreliable.  They really should stick to residential customers and not embrass themselves in the commerical market.

I hope this helps.

David
0
 
LVL 25

Expert Comment

by:Cyclops3590
Comment Utility
plus if you list what you actually want and the horsepower you need we can also make a better recommendation.  Heck a PIX 506E or 501 (granted they are being end-of-lifed though) or a Juniper Netscreen 5GT might be good enough (~$1000).
0
 

Author Comment

by:gzarate
Comment Utility
As my backbone is gigaspeed , I am looking for a gigaspeed firewall with the capabilities to support branch office VPN and DMZ zone , I don´t need antivirus protection and other security services because I already have an appliance doing so. Probably the only service I could use is the url filtering but nothing else.

I am willing to pay $5,000 and no more


0
 

Author Comment

by:gzarate
Comment Utility
I forgot to say that VoIP and Videoconference are part of the traffic on my network.

I don´t want to get confused,  Cyclops3590 you said you have heard the most things about Sonicwall but Pentrix2 says the opposite.

0
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 250 total points
Comment Utility
take my comment with a grain of salt.....i've never used one, i'm only going off what I've heard in passing from others

Personally I'm a Cisco guy, but I'd also look at Juniper if forced to.  However those are the only two brands for enterprise firewalls I'd consider (just my opinion though)

Many others use watchguard, sonicwall, and maybe even dlink (although I doubt it) and are happy.

Btw, if only your backbone is gigabit, then is the port the firewall would be plugged into also gigabit.  If not, then its worthless spending the extra money for it.  If so, then are any other hosts also plugged into gigabit ports.  If not, then its questionable that you really need that capability.  But if you do need gig ports on the firewall, look at the ASA 5520 for Cisco
0
 

Author Comment

by:gzarate
Comment Utility
The whole network is gigaspeed, switches , webshield appliance and actually the router is going to be gigabit too ( Cisco 2821).

0
 
LVL 25

Expert Comment

by:Cyclops3590
Comment Utility
gotcha, then if you went with Cisco it'd be the ASA 5520 then, but that's out of your price range then
0
 

Author Comment

by:gzarate
Comment Utility
Do you have any idea how much that can be ?
0
 
LVL 25

Expert Comment

by:Cyclops3590
Comment Utility
showing ~$5500 from CDW
0
 

Author Comment

by:gzarate
Comment Utility
There is a huge difference between the ASA 5520 and the PIX525 ( $9935)
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 25

Expert Comment

by:Cyclops3590
Comment Utility
plus even though the PIX 525 can support PIX OS 7.x the PIX family is getting phased out for the ASA family
0
 
LVL 11

Expert Comment

by:prueconsulting
Comment Utility
Question .. Unless you connections coming out of the network are gigaspeed what does it matter since your internet connection is going to be the slowest spot so why bother spending the extra for gig ports on the firewall
0
 
LVL 9

Accepted Solution

by:
Pentrix2 earned 250 total points
Comment Utility
If the internet pipe is gigabit then usually cost is not an issue, which customers usually have a catalyst 6500 with an FWSM to produce gigabit backpane throughput.  Depending on the amount of traffic passing will determine what particular Cisco ASA will be required.  Also, keep in mind of future growth, will it double in size in the next 2 years.

David
0
 

Author Comment

by:gzarate
Comment Utility
I agree with Pentrix2 about keeping in mind the future growth plus the Corporate policies say that I am going to keep it at least 4 years .

What about using the Juniper SSG 520 instead of the CISCO ASA 5520 ?
0
 

Author Comment

by:gzarate
Comment Utility
Just for letting you guys now that the SoncWall Pro 4100 is about $5200 very close to the CISCO ASA 5520
0
 
LVL 9

Expert Comment

by:Pentrix2
Comment Utility
I would either do one of the other, Cisco ASA 5520 or Juniper Netscreen 208.  I prefer Cisco ASA 5520 because it has gigabit interface and has support for an IPS module.  I wouldn't do the SonicWall Pro 4100 because it's unreliable and it's throughput does not match the Cisco ASAs.  If you do Cisco ASA remember to get the Security Plus license because it'll increase all areas dramatically or else it wouldn't be worth getting.  They should run another $1,600 extra.

David
0
 

Author Comment

by:gzarate
Comment Utility
Pentrix2,

Is not the Juniper Netscreen 208, it is the SSG 520  and it has gigabit interface too .
0
 

Author Comment

by:gzarate
Comment Utility
After doing a deep comparasion between the Cisco ASA 5520 and the Juniper SSG 520, I will go for the Juniper, the tech specs are pretty much the same , Juniper has some advantages over Cisco incliding $800 difference in the cost.

Thank you for all your efforts, I feel confident now that I am going to get a good Firewall .

0
 
LVL 9

Expert Comment

by:Pentrix2
Comment Utility
To give you a heads up.  Cisco ASA/PIX has a lot more support documents, links, user forum (like this one, www.experts-exchange.com) than Juniper Netscreens.  Also, from my professional experience I was fortunate to deploy and migrate both of these vendors (Cisco ASA and Juniper Netscreen) in a medium size environment and I can tell you the Cisco ASA is a lot more easier to configure.

Just my 2 cents.

:)

David
0
 

Author Comment

by:gzarate
Comment Utility
I have no doubt Cisco is good ,however I decided to buy the Juniper SSG520 it looks more powerful device plus it is cheaper.

Thanks again
0
 

Expert Comment

by:coolfunsport
Comment Utility
I am currently evaluating the ASA5510 vs SSG140. I'd like to know what your experience has been with the Juniper if that's what you finally went with. Also, what vendor did you  use to buy the Juniper or Cisco and what should I be looking to pay?
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now