Pix 506E or Netscreen 5GT?

I need to replace the firewall on a small network (~15 users) and I've narrowed the choices down to two: the PIX 506E and the Netscreen 5GT.

Which is the better choice for this application? I noticed that the 5GT has an extended mode variant which supports three interfaces, while the PIX is restricted to two. I'd like to move my public servers off onto a DMZ, but this isn't critical. (As an aside, it seems like there is a big gap in the PIX product line between the 506E and the 515E--is Cisco planning on filling it with a new model that supports three interfaces anytime soon?)

How is Juniper tech support? I've heard that Cisco's is excellent, but Juniper's isn't so good.

sodaant

As somebody who works for what was once Canada's largest NetScreen reseller, could I suggest you check out the FortiGate lineup? The FG60 has 4 interfaces and does stuff the GT can't. For less money. With better tech support.


-Russ.

Somebody.

I've never heard of FortiGate. What does the FG60 do that the GT can't?

sodaant

FortiGate has now vanished from the market, as I heard they are using Trend Micro software and Trend has a complaint against them in the market. But still FortiGate is a good product; I used it in my last company and it has awesome features. Go through the link:

formatting link
Rate if helped

CK-NET

NETADMIN

They haven't vanished from the market at all. They have a new AV engine that doesn't infringe on any patents and have an awesome new software release coming out right now.

The Trend thing is in the past, the company is moving forward.

-Russ.

Somebody.

ROTFL! Oh really, Tell me what the Avalanche numbers for a 3600 are.

No, I just skewer fanboys and shills.

greg

Greg Hennessy

Skewer with what, a bad review of a beta feature? Unsupported claims that they don't really use ASIC? Statements that they can't do what I've seen them do, what I've implemented them to do myself?

Pfft.

I load tested a 3600 in a bakeoff running 350Mbps of AV scans (ftp'ing 400+ MB zip files through it, that it had to unzip and scan) while one of their guys ran his tools against it that blew all the other firewalls up. All it did was raise the CPU about 20%.

I've put in, and maintained, clusters of 3600s in lots of complex environments -- universities being the most complex of those.

I'm no shill. I do this for real. If you want to see a shill, google "SecurityFreak" from this group.

I couldn't care less what magazines say. I'm not going to go around and badmouth the competitors either, other than as far as my direct, hands-on experience has shown me. Certainly not by citing a bunch of magazine articles.

So, you advance the boxes you like, I'll advance the boxes I like, let the readers choose. Just don't fling mud around when you don't really know anything about the product.

-Russ.

Somebody.

ROTFL! So it's the reviewer's fault that FortiGate submitted something completely unusable for comparison with other products under review.

Why was it a 'bad review'?

Oh, a logical fallacy. You've been directed to the location of a review which clearly shows a CPU bottleneck in high end Fortinet products when AV and IDS is enabled.

Would you like to be humiliated further and have the conclusions quoted verbatim?

Translation: I cannot address any point raised.

So much for claims of alleged 'wire speed' AV.

For the audience, the 3600 has gig-e interfaces.

ROTFL! That's not answering the question.

Irrelevant, you were asked if you had the Avalanche figures for them.

Your inability to accept real world observations of your favourite product is noted.

Apart from showing that your conclusions don't hold water.

greg

Greg Hennessy

Not at all, it's Fortigate's fault. What they shipped was as bad as they said it was. It was a "bad review" -- a correct, well worded, bad review of something. You know, opposite of a "good review" where the reviewer likes the product? Fortigate earned that bad review, no doubt about it. They sent beta code out and got thrashed. Bad on them. Doesn't change the fact that the current code is excellent.

No qualified Fortinet person will tell you that it does wire speed AV if your definition of it is to run at the Firewall's rated throughput. But you can configure a cluster to get to gigabit AV. You can build AV up to just about any speed with clustering. Yes, box resources limit AV, that doesn't mean it's not using ASIC, which is what you said.

Understand, if you enable DI on a NS for example, on a 208, you flat cripple it, and that's not even doing AV. The FG can run IPS at about 75% of fw throughput and AV at about 10%. So you cluster/scale them accordingly. Nothing else does AV at that speed for that little money.

I don't have Avalanche numbers. So? Lots of other tests either. I'm saying I've done stuff in the real world, on production segments. Guess that doesn't matter. To you I'm a shill.

Yours to not accept my real world *experience* is noted.

If you think so.

-Russ.

Somebody.
