I've recently played with them in a lab. They are good for people who are looking for
an easy solution that only does IP/Port filtering; this appliance does no content
filtering. If you are looking for something that does VPN, it works nicely.
What are your needs? I don't think that the NS-100 is very expensive, and if you have
small remote sites requiring VPN, they have smaller boxes for those situations. If you
don't have a firewall now, a Netscreen is a good place to start.
For someone who needs high security, VPN, HA, etc., this would work well in
conjunction with other firewalls or appliances like Nokia/Checkpoint, or Gauntlet to
provide a greater depth to your security. Place the NS directly behind the border
router to minimize what is in a DMZ. Set up the router with some basic rules: no
small services, no source routing, etc. Then set a more complex set of rules on the
NS to offload some of the processing from the router. You could then implement an
application proxy behind the NS for added security. Because of the layered approach,
the proxy is not dealing with traffic which was blocked at the other 2 devices, which
frees the processor and improves performance.
Sorry for such a long discussion about design. Hope this helps.
Dave Leach, MCSE+ I
Systems Security Engineer
EWA, Information and Infrastructure Technologies
>>> Andy Haigh <[EMAIL PROTECTED]> 07/26/00 08:34PM >>>
Has anyone any experience of Netscreen's firewalls, if so what is your
opinion of them?
Thanks
Andy Haigh
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]