RE: PIX vs Netscreen

From: Roberto Giana (Roberto.Giana@econis.com)
Date: Wed Oct 09 2002 - 09:04:38 GMT-3

• Next message: ying c: "RE: CAT 3550 port security aging??"
• Previous message: Burgstaller, Oliver: "Study partner in Germany"
• Maybe in reply to: Armand D: "PIX vs Netscreen"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi

Well. One interessting feature of the bigger NetScreen Devices is that it
supports a "Multi-Customer" environment. This means, that you can implement
a VLAN for each customer, which is protected through the NetScreen, and give
management access to the customers for their own part of the firewall. So
you can split your firewall box into several virtual firewalls. But it's a
feature more intended for service providers than for single customers.
-NetScreen has the ability to run in transparent mode (bridging mode) which
makes it very difficult (nearly impossible) to detect it through
tracerouting.
-NetScreen supports ICMP-redirections, which makes it possible to use it as
a default-gateway in small networks environments.
-NetScreen supports a local user database, which makes it possible to do a
simple user authentication without any external services like radius/tacacs.
-NetScreen supports only radius (=no tacacs).
-NetScreen has the better Web-Interface than the Piggs.
-The new NetScreen software (4.0) also supports OSPF and BGP routing.
-On NetScreen you can disable inter-VLAN routing, which allows you to use
the box for several cusotmer networks, where the single customers can only
talk to the Internet but not to each others. Something simmilar to "private
VLANS".

Regards
Roberto

-----Original Message-----
From: P729 [mailto:p729@cox.net]
Sent: Mittwoch, 9. Oktober 2002 08:42
To: Armand D; CCIELab
Subject: Re: PIX vs Netscreen

A year ago, this article was a real eye-opener for me:
http://www.tolly.com/News/NewsDesk/TS201111NetScreenJul01.asp (full article
available at NetScreen's site)

The 535 basically got smoked by an NS-500. A bug in the PIX code was cited
and there's been a major release of PIX code since then, so a follow-up test
would be real interesting...

Regards,

Mas Kato
https://ecardfile.com/id/mkato
----- Original Message -----
From: "Armand D" <ciscoworks2001@yahoo.com>
To: <ccielab@groupstudy.com>
Sent: Tuesday, October 08, 2002 10:01 AM
Subject: PIX vs Netscreen

Hello all,

I'm wondering if anyone can give me their $0.02 on PIX
versus Netscreen. I work for a security services
company, and we sell a whole bunch of PIX but that's
changing. Lately, I'm touching a whole bunch of
Netscreen, Watchguard, etc.-- I keep hearing the
Netscreen product is vastly superior to PIX in terms
of price and performance. They also tout good central
management, site to site VPN tunnels.

Any feedback would be greatly appriciated.

Regards,

Armand

http://mobile.yahoo.com.au - Yahoo! Messenger for SMS
- Always be connected to your Messenger Friends

• Next message: ying c: "RE: CAT 3550 port security aging??"
• Previous message: Burgstaller, Oliver: "Study partner in Germany"
• Maybe in reply to: Armand D: "PIX vs Netscreen"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:43 GMT-3