go95
asked on
Looking for a new firewall solution
I am designing a new network and need to purchase new firewalls. Since Cisco is sending the Pix's to end of life i'm not sure where to go. I'm not really interested in the ASA's. Does anyone have any recommendations for a top of the line firewall solution?
I have always quite liked the Fortigates - they seem pretty good value and ours have stayed up forever.
http://www.fortinet.com
But I like the Netscreen/Junipers as well, I have found Fortigate support to be better.
http://www.fortinet.com
But I like the Netscreen/Junipers as well, I have found Fortigate support to be better.
Never used Fortigate - I think Juniper is an extremely well performing non-intuitive POS personally. I manage several hundred different FWs in over a hundred different environments/companies. If you like PIXen then ASA is a logical upgrade path.
I'm also curious where you saw that PIX would be EOL? They might stop selling it in lieu of ASA, but I think it's on the supported list through 2009?
http://www.cisco.com/en/US/products/prod_end_of_life.html
Note that the PIX 515 listed is the 515 stock - no 515e (which is different)
PIX v6.x and PIX 515e is not even listen on that page yet. The policy says they have to provide a pretty good amount of lead time
http://www.cisco.com/en/US/products/products_end-of-life_policy.html
I'm also curious where you saw that PIX would be EOL? They might stop selling it in lieu of ASA, but I think it's on the supported list through 2009?
http://www.cisco.com/en/US/products/prod_end_of_life.html
Note that the PIX 515 listed is the 515 stock - no 515e (which is different)
PIX v6.x and PIX 515e is not even listen on that page yet. The policy says they have to provide a pretty good amount of lead time
http://www.cisco.com/en/US/products/products_end-of-life_policy.html
Cisco is moving away.. The ArSAs are publically ridiculed. Keep away from them. Cisco will pull support fro PIX and, soon , ASA.
They have a core strategic driection to untangle themselves from security. Too hard for s company that now has fucussed on selling routers and switches by the kilo.
They have a core strategic driection to untangle themselves from security. Too hard for s company that now has fucussed on selling routers and switches by the kilo.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you have insight (which it sounds as you do) then say as much - making blanket statements about a major vendor being crap without backing it up doesn't help anyone.
I don't think PIX/ASA are crap - I think they are a hell of a FW. They don't try to do a bunch of other stuff (ala CP). The interface makes sense (both cli and new asdm) - as opposed to Juniper. They are stable devices. I manage several hundred firewalls from different vendors in over a hundred different larger corporate environments.
I can't comment on MARS, nor their direction, nor their partner practices - I'd be curious to know more info if you'll provide it.
I don't think PIX/ASA are crap - I think they are a hell of a FW. They don't try to do a bunch of other stuff (ala CP). The interface makes sense (both cli and new asdm) - as opposed to Juniper. They are stable devices. I manage several hundred firewalls from different vendors in over a hundred different larger corporate environments.
I can't comment on MARS, nor their direction, nor their partner practices - I'd be curious to know more info if you'll provide it.
Hi,
I have utilised checkpoint FW1 and now checkpoint NGX in relatively large environment.
We have deployed using HP Proliant 360 G5's as two enforcement modules running NGX SPLAT which is checkpoint's secure platform. We chose this over the appliance as we already had cold spares.
For an overall firewall solution it does the job very nicely. It is however the most expensive on the market.
Hope this helps
Cheers
I have utilised checkpoint FW1 and now checkpoint NGX in relatively large environment.
We have deployed using HP Proliant 360 G5's as two enforcement modules running NGX SPLAT which is checkpoint's secure platform. We chose this over the appliance as we already had cold spares.
For an overall firewall solution it does the job very nicely. It is however the most expensive on the market.
Hope this helps
Cheers
http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/index.html
o Complete line of firewall / VPN solutions for enterprises and service providers
o Tightly integrated set of best-in-class security applications to protect against Worms, Trojans, Viruses and other malware
o Multiple management mechanisms including complete CLI, WebUI or centralized management via NetScreen Security-Manager facilitate rapid deployment while minimizing ongoing operational costs
Tolomir