Super-Mega Firewall-Elite vs. Godzeee-ah

Ahriakin Member Posts: 1,799
Or simply put I'm looking for some options on ultra high capacity firewalls. We currently use a Cisco ASA-5580-40 for our core Firewall but may outgrow it sooner than expected. I've had a quick look at Fortinet/Fortigate and their Chassis solutions but have never used one. Also, looking around the web doesn't yield a lot of up-to-date information useful for direct comparisons, so I'm wondering what solutions some of you might already have in place for 10Gbps+ Firewalling (and 4mil+ pps which I think we will hit before the bandwidth limit). The solution needs to include comparable protocol inspection (not for IDS/IPS, just fixups).
Any suggestions greatly appreciated folks.
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?

Comments

  • qp81 Member Posts: 85
    Have you looked into Juniper ISG 1000/2000?
  • ilcram19-2 Banned Posts: 436
    juniper sucks, get a cisco ISR go to cisco.com or here

    Cisco Security - The Realm
  • rfult001 Member Posts: 407
    You're recommending Cisco security products to a guy with a CCIE - Security? :s

    We have Juniper ISGs in place on our campus and they seem to work pretty good. I've also been hearing about a company called InGate recently that is supposed to make some decent security appliances, you might give them a look.
  • rossonieri#1 Member Posts: 799
    an ISG/SSG platform can be considered a UTM (all a board) depends on how we manage them, and IMHO - if you want to put some pure FW into the core I think that NS5400-series might be a good thing to look at.

    NetScreen Series Security Systems - Enterprise Firewall VPN - Juniper Networks

    I myself haven't had the pleasure of putting some of those under a 10G link because we haven't got that kind of super speed here in my country, but for a couple of 1G links I think it performs well. As you might know already, there are deployment methods to consider as well.

    There are deep inspection features, ALGs and the like.

    just my 2cents :)
    the More I know, that is more and More I don't know.
  • tiersten Member Posts: 4,505
    ilcram19-2 wrote: »
    juniper sucks, get a cisco ISR go to cisco.com or here
    Bad joke?
  • Ahriakin Member Posts: 1,799
    Thanks for the suggestions guys.
    ISR is out as it doesn't have the horsepower, the ASA5580-40 we currently use is Cisco's biggest and best.
    We already use TippingPoint IPS' and will likely move from multiple gig trunks to 10Ge and a Core-Controller solution, so good guess :). But the Firewall is still the current focus since thanks to the Core-Controller TP IPS performance is pretty scalable already.
    That Juniper looks good but it's a little slower than the 5580-40 (40Gbps vs. 30Gbps, halve that for Full Duplex and then drop it again for real-world but the Cisco edges it out a little on pure horsepower I think). The SRX series though might be a good option, I didn't know they did higher than the std. Netscreens. Thanks for the link.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • ilcram19-2 Banned Posts: 436
    tiersten wrote: »
    Bad joke?

    just teasing, I'm used to Cisco
  • rossonieri#1 Member Posts: 799
    The SRX series though might be a good option, I didn't know they did higher than the std. Netscreens.

    ah that new thing, that's why it has never crossed my mind before ;) my bad.
    60Gbps to 120Gbps aggregate, wow. just please tell me if you manage to give it a test drive, will you :)
    the More I know, that is more and More I don't know.