Sidewinder vs Netscreen as layer 3 firewall only.

Sidewinder vs Netscreen as layer 3 firewall only.
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Sidewinder vs Netscreen as layer 3 firewall only. Andy Davidson 05-13-2005
Posted by Andy Davidson on May 13, 2005, 4:16 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

Hi,

I'm trying to compare the performance of a Netscreen ISG1000/2000 firewall
and a Secure Computing Sidewinder 1100C **as a layer 3 packet inspector**
rather than an application proxy ?

Regarding the Sidewinder, it might sound unusual to you that we may
buy a firewall which is mainly sold as an application proxy / layer
seven filtering device, in order to do stateful inspection, but one of
our suppliers is trying to push them to us as the perfect firewall for
our needs.

This is what we are looking for.. (this will look terrible on google
if you don't use a fixed width font..)


internet
|
cisco 2821s
|
|
firewall
| |
| +----+
redline |
reverse |
proxy internal
| app servers/dbs
|
webservers


This is easy to visualise on the Netscreen firewall (3 security zones)
and the Sidewinder (3 burbs) so as far as I can see, there's no logical
reason why this would not work on both platforms.

The main differences I can see are :

* the Netscreen would give us IDS reports straight away, as soon as we
buy the ids blade.
* The Netscreen performance suffers, I am told, when IDS reporting is
turned on (this might not be the case at all. :-) )
* the Sidewinder 1100C is much cheaper
* the Sidewinder has a comfortable unix-style shell interface
* The peer support community for Netscreen is 'probably' larger.

We simply do not want or need the application proxy stuff, so that's
not an advantage, or ISP of the Sidewinder in this case.

How do the firewalls compare in this circumstance, please ?



--
http://fotoserve.com/ - Prints, Slides, Posters, Mugs, T-shirts,,
Calendars, Jigsaws, Tableware, Caricatures, Greetings cards, Picture
bags, Photo Album and Book covers, Canvas Prints, tissues and more
..... from your own digital images.


Posted by Michael Pelletier on May 13, 2005, 1:40 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Andy Davidson wrote:

>
> Hi,
>
> I'm trying to compare the performance of a Netscreen ISG1000/2000 firewall
> and a Secure Computing Sidewinder 1100C **as a layer 3 packet inspector**
> rather than an application proxy ?
>
> Regarding the Sidewinder, it might sound unusual to you that we may
> buy a firewall which is mainly sold as an application proxy / layer
> seven filtering device, in order to do stateful inspection, but one of
> our suppliers is trying to push them to us as the perfect firewall for
> our needs.
>
> This is what we are looking for.. (this will look terrible on google
> if you don't use a fixed width font..)
>
>
> internet
> |
> cisco 2821s
> |
> |
> firewall
> | |
> | +----+
> redline |
> reverse |
> proxy internal
> | app servers/dbs
> |
> webservers
>
>
> This is easy to visualise on the Netscreen firewall (3 security zones)
> and the Sidewinder (3 burbs) so as far as I can see, there's no logical
> reason why this would not work on both platforms.
>
> The main differences I can see are :
>
> * the Netscreen would give us IDS reports straight away, as soon as we
> buy the ids blade.
> * The Netscreen performance suffers, I am told, when IDS reporting is
> turned on (this might not be the case at all. :-) )
> * the Sidewinder 1100C is much cheaper
> * the Sidewinder has a comfortable unix-style shell interface
> * The peer support community for Netscreen is 'probably' larger.
>
> We simply do not want or need the application proxy stuff, so that's
> not an advantage, or ISP of the Sidewinder in this case.
>
> How do the firewalls compare in this circumstance, please ?
>
>
>

Honestly, I would recommend using a combination of layer 3/4 firewalls *AND*
an application firewall. This is a good security setup. A layer 3/4
firewall alone is not adequate now-a-days...


Michael
--
"Trusted Computing" is a SCAM
http://www.gnu.org/philosophy/can-you-trust.html

Protect your rights
http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html


Similar ThreadsPosted
Firewall or Layer 3 switch May 10, 2005, 12:26 am
Sidewinder April 22, 2005, 5:44 pm
Sidewinder errors. February 7, 2007, 5:20 am
[Sidewinder] "A ticket ID must be specified" October 29, 2008, 7:30 am
NGX to VPN-1 Edge layer 2 VPN April 5, 2006, 3:50 pm
Layer 3 behind ZYXEL VPN November 2, 2006, 2:45 pm
sidewinder log file location October 19, 2005, 3:43 pm
allowing http on sidewinder October 25, 2005, 3:34 pm
Secure Computing Sidewinder June 7, 2008, 7:52 am
Multi Layer Security December 19, 2004, 2:06 am

The site map in XML format XML site map

Contact Us | Privacy Policy