best firewall

"Best" has multiple meanings. Some people consider "best" to mean "least expensive". Some people consider "best" to mean "most features". Some people consider "best" to mean "sexiest models in the advertising".

In order for us to have a chance of answering your question, you will have to define "best" and you will have to indicate how to weight the various factors, as there might be different areas of strengths for the devices.

What for? How much do you want to spend? Are you familiar with IOS or not?

If price is not a problem, IMHO an enterprise-class StoneGate cluster is the best firewall you can get... but of course that's a totally different league compared to a PIX :-)

Juergen Nieveler

For what purpose?

Yours, VB.

Well if you are looking for the Best of breeds and a UTM I would look at the Sidewinder G2. Still the only Firewall not to have any Emergency patching.

With its Type Enforcement OS your never able to hack into this box on a vulnerablity.

Yet able to do Gig speed as an application Firewall. EAL 4+ in the US

company firewall, connected to a sdsl line, 2 servers at the moment and

company firewall, connected to a sdsl line, 2 servers at the moment and

That in itself would be a reason to rethink wether you really want a PIX.

The PIX is very powerfull (depending on the version, of course), but like all Cisco devices you can only really configure it if you learn IOS, which will take some time.

Juergen Nieveler

Maybe he's familiar with PIX OS, Juergen. OK, just kidding ;-)

Yours, VB.

PIX's operating system is "Finesse", not IOS, and the command set through 6.3 is not close enough to IOS to make learning IOS a particular benefit. Sure the ACLs are pretty similar, but with object-groups they are also noticably different... and the mechanisms for editting ACLs in PIX 6 differ noticably from IOS's mechanims.

PIX 7.0 has a noticably different syntax that is much closer to IOS.

The problem with PIX is not the mechanics of learning CLI entry or what an ACL entry should look like: the problem is that there are so -many- features and a lack of a good roadmap as to how the features interact.

WHATCHGUARD, why not ?

0-day protection i use it in my headquarter and all its branches..that's good

"gigabyte" ha scritto nel messaggio news:1139171805.749693@bru-ix-srv240...

Depended on the services you want to offer the local-net the number of users and their behaviours you choose the firewall.

No to much features that delute you not cramped with limited content.

a good firewall is simple

should include:

- dhcp

- snort / ids

- timeservice

- vpn tunneling

- proxy

- multiple networks support

- wireless wall

- logbook with lookup and export functions

- extendable / expandable.

- good energy costs /y

- good customers support by various channels mail, phone, snail, www, newsgroups

- remote admin protected from outside use or ssl/telnet for external setup.

What does the list think of IPCop?

? You mean, it should _filter_ DHCP?

Yours, VB.