firstname.lastname@example.org (Walter Roberson) wrote:
|In article , |Brian Bergin wrote: | |:I for |:one am actively looking for a new vendor given the long lack of support for |:common protocols like ESMTP in the PIX. Too many other vendors like Juniper |:with their Netscreen brand have highly regarded firewalls at 1/2 the cost of a |:similar PIX and more features than 6.3.4 offer. | |Which Netscreen model would that be? | |According to the juniper.net netscreen-5 comparison chart: | |HSC: 5 internal IPs, 2 VPN tunnels, ?? mapped IPs, 1000 sessions, |50 Mbit/s cleartext, 10 Mbit/s 3DES | from $US328 street (according to shopper.cnet.com) | |5GT: 10 internal IPs, 10 VPN tunnels, 32 mapped IPs, 2000 sessions, |75 Mbit/s cleartext, 20 Mbit/s 3DES | from $US412 street (according to shopper.cnet.com) | | |My accumulated notes have: | |PIX 501: 10 internal IPs, 10 VPN tunnels, mapped IPs not limited, |sessions not limited, 60 Mbit/s cleartext, 3 Mbit/s 3DES | from $US337 (according to shopper.cnet.com) | | |The street price difference between the PIX 501 and Netscreen HSC is small |enough to be negligable, less than the range of a typical corporate |discount. The PIX 501 is, though, faster than the HSC, supports twice |the number of internal users, 5 times as many tunnels, and unlimited |sessions. Essentially the Netscreen HSC's is trying to compete |at about the level of the Cisco VPN 3002 or Linksys BEFSX41. | |The closet comparison to the PIX 501 would appear to be the |Netscreeen 5GT, which is a bit faster (especially on 3DES), but |has the 2000 session limit and the 32 mapped IP limit. And it isn't |"half the cost" of the 501, it is 25% higher cost. | |What does the difference in "sessions" mean in practice? |I'm not sure -- but I just checked a PIX 501-50 (50 user |license) that was last rebooted Thursday evening |(with Friday and today (Monday) both being holidays for us |and no regularily scheduled work on weekends.) It shows 1792 |sessions peak over that non-busy time. A different 501-50 |which was last rebooted a couple of months ago shows |a peak of over 5000 sessions. | |The PIX 501 has optional licenses for 50 users or |unlimited users; the Netscreen 5GT has an optional license |for unlimited users, and a different optional license |to double the sessions -- up to 4000. | |After that one starts getting into the Netscreen 25, which |is probably best compared to the PIX 506E. But even the |Netscreen 25 Baseline (stripped-down software) starts at |$US1800 street, compared to $US800 for the PIX 506E. | | |If you want to get into a "how many physical interfaces" |discussion, then you are talking about the PIX 515E, |525, or 535 -- all of which -are- supported in PIX 7.0. | | |The Netscreen series does appear to have some nice features, but down |at the end of the market where the 501 and 506E live, I do not think |you are going to find a Netscreen with comparible or better features |for "half of the price" of the corresponding PIX.
Prices have changed since we bought our PIX's. At the time Netscreen, not part of Juniper at the time, were much less expensive than PIX but we bought the PIX based on reputation and the 501 only supported 50 users at the time. I've not seen the unlimited 501 license. It'd have to be very cheap as the cost of 50 users brings the 501 to almost the cost of a 506E with more RAM and a faster CPU (I'm not even sure why they sell a 50 user 501 when the 506E is so close, other than to upgrade an existing one, but I'd sell and buy new before I did that I believe).
Now, I'm told that Cisco is planning on 50x support by 7.1 (TAC told me this last night). The concern is how long before 7.1 ships? They've not answered that yet. I truly hope it's not as long as 6.3.4 to 7.0. ESMTP support is what we're after. Cisco has ignored it for far too many years.
Thanks... Brian Bergin
I can be reached via e-mail at cisco_dot_news_at_comcept_dot_net.
Please post replies to the group so all may benefit.
NOTICE: Use of this information is contingent upon acceptance of Paragraph 17 of Terabyte's Terms and conditions located at