RE: Replacing my old PIX Classic

[Fei Yang]

Check this out. www.watchguard.com. Does anybody have experience with this product? It looks good and cheaper according to their web site, but no intrusion detection support.   Fei. -----Original Message----- From: Rink, Jesse [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 16, 2002 12:14 PM To: 'Noonan, Wesley' Cc: '[EMAIL PROTECTED]' Subject: RE: Replacing my old PIX Classic I see what you mean about religious wars already after being in this group for a whole 5 minutes.   I guess right now I'm looking at the Cisco PIX 506 but that's mainly because of my familiarity with PIX.  I'm still open to other product that are comparitive to the PIX 506.  I just don't know what they are.   I'm not interested in having the firewall handling any proxy filtering.  By that, I assume you mean web proxy filtering (urls that should be blocked, etc.).  We already have a proxy product in place that we will be sticking with and have been 100% satisfied with.  As for packet filtering, are you talking about specifically looking at the packet and blocking/allowing dependant on the type of packet itself?  For instance, would packet filtering allow blocking any packet that shows up as someone trying to use AIM or KAZAA, etc.  Or does that fall under the application filtering definition?  Just trying to familiarize myself with the exact terms.   As for the sessions, no more than probably 700-2500 concurrent sessions.  Although, my current PIX does have 4 interfaces.  I need to make sure my new firewall can handle 4 interfaces, and the PIX 506, supposedly handles 2.  Although I read something about the 506E, it doesn't list what the difference is between them.     -----Original Message----- From: Noonan, Wesley [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 16, 2002 9:45 AM To: 'Rink, Jesse'; '[EMAIL PROTECTED]' Subject: RE: Replacing my old PIX Classic   All 3 are good firewalls. It depends on what you are looking for. Do you want a packet filtering firewall (tends to be faster), then the PIX is a good choice. Depending on the amount of users, you can go with a PIX 515 or above. Do you want more proxy/application filtering capabilities? Then both ISA and FW1 are good choices. Any debate between the two is likely a religious war (with lots of M$ thrown in, I suppose because they don't have anything credible against ISA...)   HTH   Wes Noonan, MCSE/MCT/CCNA/CCDA/NNCSS Senior QA Rep. BMC Software, Inc. (713) 918-2412 [EMAIL PROTECTED] http://www.bmc.com