[c-nsp] Cisco FWSM vs Juniper NetScreen 5400

Gunjan GANDHI (BR/EPA) gunjan.gandhi at ericsson.com
Thu Aug 9 06:01:10 EDT 2007


Nothing that hasn't been said before...
Netscreens any day over PIX, though they will cost heaps more.
Netscreens can't do EIGRP though, so if that is a must, your only option
is Cisco. Other than that I would pick Netscreens over PIX any day with
my eyes closed.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dale Shaw
Sent: Thursday, 9 August 2007 6:43 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco FWSM vs Juniper NetScreen 5400

Hi all,

I'm about to embark on a not-really-proper evaluation of the FWSM and
the NetScreen 5x00 firewalls. I say "not-really-proper" because it's not
really practical to tee up and run a full blown eval. I'm working from
data sheets and anecdotes.

I'm an old PIX guy from way back. I guess I've accepted the platform's
idiosyncrasies and I'm quite comfortable working with them. In the past
few years, I've had less hands-on with ASAs and zero with FWSM, but I'm
sure it would only take a little while to familiarise myself with the
changes. I have never touched a NetScreen.

So what I'm asking for is for people with strong views for and against
both products to spill their guts. I want to know what the data sheets
don't tell me. I need a high throughput firewall solution for campus
segmentation.

It'll be pretty standard packet filtering - no intrusion prevention, VPN
or any other common "value add" type features. I need to be able to feed
traffic to the firewall at up to 10Gbps (Ethernet) and not have it
vomit. It should support multicast but it's not essential. It needs to
be stable and have multi-chassis failover support.

Alas, the routing protocol is EIGRP. This shouldn't pose too much of a
problem though as I only need to segment about 20 VLANs.

I searched the archives and found a few similar questions. Most people
didn't have nice things to say about the FWSM. I wonder if things have
improved in the last year or so?

cheers,
Dale
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

