On 24 Nov 99, at 12:19, [EMAIL PROTECTED] wrote:
> I've seen a few other questions asked about NetScreen, but no one
> seems to have an opinion. Is this because they're still new and
> not many people know about them? Or are people suspicious of their
> claims and technology? Also, are there other products that might be
> able to address the issues that we're looking at?
Where I am now, we have a couple of NetScreens. Performance seems
to be very nice, and price is definitely competitive. I have no
evidence that it is any less secure than the Cisco PIXes that I've
been used to.

I am, however, rather unhappy with the logs produced. We're using
NAT, and details of that don't show up in the log. The box has three
interfaces (trusted, untrusted, DMZ) but log entries do not indicate
which interfaces a given item involved. I do not see the volume of
refused connections that I expect to -- maybe they're not logged?
Where a log entry involves a port number >32767, it has been
sign-extended from 16 to 32 bits and then reported as unsigned.

I am forced to conclude that NetScreen is designed for the
management that believes a firewall is a box you install, configure,
and then ignore because now your network is secure. I cannot imagine
that NetScreen is getting much feedback from people who are trying to
actually *monitor* the operation of their boxes....
David G
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
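The sign-extension defect David describes (a port above 32767 stored as a signed 16-bit value, widened to 32 bits, then printed as unsigned) is worth handling explicitly in whatever script pulls these logs into an analysis pipeline, otherwise every high-numbered ephemeral port shows up as a number near 4,294,967,295 and port-based correlation silently breaks. The following is an added example, not code from the original post, from NetScreen, or from the firewalls list. The log line format (`src=IP:PORT dst=IP:PORT action=...`) and the sample lines are constructed for illustration; the post does not show the actual NetScreen log syntax. `mangle_port` reproduces the defect so the expected values can be checked, and `normalize_port` reverses it while still rejecting values that are out of range for any other reason.

```python
"""Normalize port numbers mangled by 16-to-32-bit sign extension in firewall logs.

Added example, not from the original post or from NetScreen.  The log line
syntax below is a constructed placeholder, not real NetScreen output.
"""
import re

PORT_MAX = 0xFFFF                 # largest valid TCP/UDP port
SIGN_EXT_LOW = 0xFFFF8000         # smallest value a sign-extended port can take (-32768)
U32_MAX = 0xFFFFFFFF


def mangle_port(port: int) -> int:
    """Reproduce the defect: treat the 16-bit port as signed, sign-extend to
    32 bits, then report the result as an unsigned 32-bit integer."""
    if not 0 <= port <= PORT_MAX:
        raise ValueError(f"not a 16-bit port: {port}")
    signed16 = port - 0x10000 if port > 0x7FFF else port   # e.g. 40000 -> -25536
    return signed16 & U32_MAX                               # -25536 -> 4294941760


def normalize_port(value: int) -> int:
    """Undo the mangling.  Values in 0..65535 are passed through; values in
    0xFFFF8000..0xFFFFFFFF are sign-extended ports and are truncated back to
    16 bits; anything else cannot be explained by this defect and is rejected."""
    if 0 <= value <= PORT_MAX:
        return value
    if SIGN_EXT_LOW <= value <= U32_MAX:
        return value & PORT_MAX
    raise ValueError(f"port field out of range: {value}")


def is_plausible_port(value: int) -> bool:
    """True if normalize_port would accept the value (possibly after repair)."""
    try:
        normalize_port(value)
        return True
    except ValueError:
        return False


# Constructed log format for this example; real NetScreen lines differ.
LINE_RE = re.compile(r"src=(\S+):(\d+)\s+dst=(\S+):(\d+)\s+action=(\w+)")


def parse_line(line: str) -> dict:
    """Parse one constructed log line, repairing mangled ports and flagging
    which fields needed repair so an analyst can count affected entries."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError(f"unrecognized log line: {line!r}")
    src, sport, dst, dport, action = m.groups()
    sport_raw, dport_raw = int(sport), int(dport)
    return {
        "src": src,
        "sport": normalize_port(sport_raw),
        "dst": dst,
        "dport": normalize_port(dport_raw),
        "action": action,
        "sport_mangled": sport_raw > PORT_MAX,
        "dport_mangled": dport_raw > PORT_MAX,
    }


def parse_log(lines) -> list:
    """Parse a sequence of constructed log lines into normalized records."""
    return [parse_line(line) for line in lines]


# Constructed sample: two high ephemeral source ports as the defect would print them.
SAMPLE_LOG = [
    "src=10.0.0.5:4294941760 dst=192.0.2.10:443 action=permit",   # sport 40000
    "src=198.51.100.7:4294951760 dst=10.0.0.9:22 action=deny",    # sport 50000
    "src=10.0.0.5:1025 dst=192.0.2.10:80 action=permit",          # untouched
]

if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(rec)
```

The lower bound `0xFFFF8000` is what makes the repair safe: only ports 32768..65535 ever get sign-extended, and after extension they occupy exactly that range, so a value like 70000 still fails validation rather than being silently masked to something that looks legitimate.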