Glenn Shiffer wrote:
> If you don't need a full featured heavy duty FW like Check Point on
> Nokia, or are looking for something a bit easier to use, the brick
> should work just fine. Cost wise it's not any bargin, list is about
> $20K, which is compareable with a good Nokia box.
A pair of bricks is also dramatically more expensive than a pair of
PIX-515-URs (one UR, one Failover-only unit) and two 4-port 10/100
ethernet blades, and doesn't actually handle significantly more
throughput. I just did this comparison about three weeks ago. Now,
admittedly, I used to work for Cisco and I already wanted to buy Cisco
when I did the comparison, so I might be a little biased, but the
numbers speak for themselves.
On the plus side for the Lucent brick, it does support firewalling
non-IP protocols, so if you need this functionality, don't buy the PIX.
Most of us probably won't if we're using these for external access, so
it's not much of an issue.
PIX-515UR LVG-201
Price for first unit: $10,686 $9,992
Price for failover unit: $3,294 $9,992
Total hardware cost: $13,980 $19,984
Price for mgmt software: $0 $4,796
Total cost: $13,980 $24,780
Required support software? no yes
Max Throughput (mbits/sec) 120 125
Max Connections 128,000 100,000
Support for Non-IP Protocols?
no yes
VPN PIX-to-PIX Yes
10mbps interfaces 2 0
100mbps interfaces 4 4
What REALLY scared me away from the Brick was that (At least according
to Lucent salespeople) you HAD to buy their software to configure, and
even more of a worry, you HAVE to buy an ADDITIONAL software package
(which I could not get them to price out for me) for failover support.
If it costs as much as the management software, then that puts you to
over double the cost of going with the PIX-515-UR. The fact that cisco
will sell you a failover unit for $3300 is a pretty significant push
away from Lucent. The LVG-201 is supposed to have decent VPN support,
but I have no experience with it (comments?) so I can't speak there. I'm
also not too worried about VPN support at my site, so I haven't done all
the research there, either.
Anyway, IMO if the Brick has something you need, buy the Brick. If not,
get a PIX, or something else entirely. The PIX-515 is also a 2U box
where the Brick is 4U, so assuming you use a 4U box to manage the bricks
(which should be done by a dedicated machine with disk mirroring and
redundant power) you're using 12U where you could be using 4U, since the
PIX can be managed quite well via a telnet connection.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
