Netscreen offers a stateful filtering firewall, as I understand it.
Their big advantage is that they do the firewall rules and IPSEC
encryption in silicon, so they can offer a significant performance
improvement over traditional architectures (such as what the PIX
offers).
I have used them at customer sites in the low-end configuration
(NetScreen 5), and the customers seems pretty happy with the ease
of use and configuration simplicity. In that respect, they are probably
competing largely with folks like SonicWall.
I have not tried a NetScreen in >T1 speed network, but I would
imagine that if the "appliance" nature of the product allows you to
implement your security policy, you would have the advantage of a
very compact implementation with high-performance and good pricing.
They also do load balancing (simple) and traffic shaping.
In terms of IPSEC, they are quite compatible based on the tests we
did in our labs & at Interop last year.
One thing I particularly like about the NetScreen is that you can
operate it in bridge mode, rather than router mode (which is what
a PIX or FW1 requires). That lets you slap it in, try it out, and
then pull it out if you don't like it. It also hides the existence
of the firewall from an attacker pretty effectively, since its IP adddress
doesn't show up ever in anything.
NetScreen just got bought by Efficient, which probably means that they
will be pushing their low-end box into a DSL configuration. That gives the
company a lot of potential longevity, which is nice. They have also just
introduced their gigabit firewall, which is (as far as I know) the only one to
talk 801.1Q out the butt, which gives you the option of a massive number of
VLANs, all managed, etc. etc.
The other nice thing about the Efficient buy is that the NASDAQ crash just
pushed their stock into the dumpster, which means that they'll be fairly
agressively looking for new business to prove things to Wall Street next
quarter. This says to me that you probably have some nice leverage with them
to offer you either discounts or additional hardware. (Sigh... I can remember
the days when a buyer actually had leverage with Cisco... Them's over forever)
I would encourage you to look at NetScreen seriously, if you are thinking that
the P word is key to your buying decision.
jms
Disclaimer: I have, in the past, been paid by NetScreen to look at their
products and render a professional opinion.
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
[EMAIL PROTECTED] http://www.opus1.com/jms Opus One
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
