[c-nsp] Cisco FWSM vs Juniper NetScreen 5400

Dale Shaw dale.shaw+cisco-nsp at gmail.com
Thu Aug 9 04:43:28 EDT 2007


Hi all,

I'm about to embark on a not-really-proper evaluation of the FWSM and
the NetScreen 5x00 firewalls. I say "not-really-proper" because it's
not really practical to tee up and run a full-blown eval. I'm working
from data sheets and anecdotes.

I'm an old PIX guy from way back. I guess I've accepted the platform's
idiosyncrasies and I'm quite comfortable working with them. In the
past few years, I've had less hands-on with ASAs and zero with FWSM,
but I'm sure it would only take a little while to familiarise myself
with the changes. I have never touched a NetScreen.

So what I'm asking for is for people with strong views for and against
both products to spill their guts. I want to know what the data sheets
don't tell me. I need a high throughput firewall solution for campus
segmentation.

It'll be pretty standard packet filtering - no intrusion prevention,
VPN or any other common "value add" type features. I need to be able
to feed traffic to the firewall at up to 10Gbps (Ethernet) and not
have it vomit. It should support multicast but it's not essential. It
needs to be stable and have multi-chassis failover support.

Alas, the routing protocol is EIGRP. This shouldn't pose too much of a
problem though as I only need to segment about 20 VLANs.

I searched the archives and found a few similar questions. Most people
didn't have nice things to say about the FWSM. I wonder if things have
improved in the last year or so?

cheers,
Dale

