[nsp] Re: Network Firewall

Nick Voth nvoth at estreet.com
Wed Jun 16 12:20:15 EDT 2004


Lawrence,

We have used several "hardware" based firewalls and have actually settled on
the Netscreen, (now Juniper), ASIC based firewalls:

   http://www.juniper.net/products/integrated/dsheet/

I have used the Cisco PIX firewalls too, but have found them difficult to
configure and "tweak" for the things we need. Compared to the nice web
interface of the Netscreen product line, the Cisco PIX is just needlessly
difficult.

We've been using the Netscreen line now for at least 4 years and have never
had an issue.

If you're looking for a fast, reliable, hardware based firewall, Netscreen
has my vote.

-Nick Voth

> Message: 1
> Date: Wed, 16 Jun 2004 06:56:27 -0700 (PDT)
> From: Lawrence Wong <lawrencewong72 at yahoo.com>
> Subject: [nsp] Network Firewall
> To: cisco-nsp at puck.nether.net
> Message-ID: <20040616135627.71424.qmail at web50105.mail.yahoo.com>
> Content-Type: text/plain; charset=us-ascii
> 
> Hi all,
> 
> I am currently looking for a firewall to install in
> our corporate network. Our network mainly runs on
> Cisco hardware which made me consider using Cisco
> firewalls as well. We use public IPs hence no NAT is
> required.
> 
> Does anyone have any experience to share on the Cisco
> PIX firewalls? Or any other firewalls to recommend?
> 
> I noticed that compared to other vendors, Cisco PIX
> seems to lack in the area of SYN/UDP DDoS flood
> protection? The closest which I read from it's manual
> for 6.3 is the usage of some paraments in the "static"
> command to indirectly manage flooding, but static is
> used in NAT mode.
> 
> TIA!



More information about the cisco-nsp mailing list