Just note that PIX is a "packet filtering" firewall as opposed to being an "application
proxy" firewall.
FW-1, Gauntlet and a number of other firewalls are of the "application proxy" type.
If you don't care about security at the application layer, and only care about speed
then go with "packet filtering" firewalls like PIX. But, remember that the most
important function of the firewall is security and not performance. Most offices have
only a T1 to the internet anyway and thus performance becomes a non-issue.
Regards,
ali
>>> Brian Ford <[EMAIL PROTECTED]> 12/05/00 09:09AM >>>
Andy,
>From: Andy Haigh <[EMAIL PROTECTED]>
>Subject: Choice of Firewall
>
>Sorry resent as hit send button a bit early last time.
>
>We are currently reviewing our firewall and have come down to the following
>choices:
>
>PIX 515
>Checkpoint FW-1 on a Nokia Appliance
>Sonicwall Pro-VX
>Enternet 5.1
>
>We are looking for a solution that provides connection to the internet via a
>256k frame link, provides a DMZ and longer term allows us to have VPN
>connections. The firewall will be serving about 100 users and as always the
>choice will be dependent on price, but not solely.
>
>The Cisco PIX 515 is reasonably cheap for us being a Cisco reseller and does
>provide us with an upgrade path for the device. Configuration would not be
>as easy due to having to use CLI, but I believe there is a GUI for
>administrating the firewall at extra cost.
Actually, the device manager GUI is available at no extra cost. We do charge for a
multi device (router, firewall, IDS) management system, CSPM.
The command line interface on PIX has been modified recently to make it easier if you
are familiar with access control list technology on Cisco IOS routers.
> It does provide VPN at an extra
>cost and has got a high throughput.
There are two components to the VPN solution. One is the cost of the encryption
license and the other is the cost of an encryption co-processor. The co-processor is
very new, requires no changes to the base configuration (other than installing the
card), and results in a dramatic performance improvement over what we were able to do
without the co-processor (and that was pretty good).
You can support site to site (you didn't mention how many sites) and remote client VPN
connections to the PIX.
>Support is available 24 x 7 at extra
>cost and is normally very good.
In addition you can support up to 10 interfaces with the latest version of the OS.
We've added DHCP client and server functions as well as support for a variety of
specialized applications. Using the alias command you can take a host on a perimeter
network and make it available to the outside. You can also configure the PIX for
remote management using the same VPN client that we use with the VPN3000 (formerly
Altiga VPN Concentrator).
You probably already know about: http://www.cisco.com/go/pix
><snip>
>Please could you provide me with your thoughts on the products listed above, and
>let me know which one you would choose if required, completely non-binding
>:). Just trying to get a feel of other people's thoughts, as I am sure the
>majority of you have more experience than I when it comes to Firewalls.
>
>Thanks in advance for any advice provided.
>
>Andy
Regards,
Brian
Brian Ford
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]