Results 1 to 14 of 14
  1. #1
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512

    Firewall vendor reccomendation

    I am looking to pick up a SonicWALL Pro 3060 with SonicOS 2.0e. Anyone know of a good vendor? I have found the bundle at various online shops for ~$2900, but I was looking to see if anyone knew something I did not

    Also, what is everyone general impression about that product? I am highly impressed with 2.0e's failover capabilities, but I just wanted to make sure that was the consensus.

    I was also looking at the Watchguard Firebox X1000, but I do understand that Watchguard isn't exactally popular around here.

  2. #2
    Join Date
    Apr 2001
    Location
    St. Louis, MO
    Posts
    2,508
    Check out Netscreen. They were recently bought by Juniper and make an awesome product.
    Mike @ Xiolink.com
    http://www.xiolink.com 1-877-4-XIOLINK
    Advanced Managed Microsoft Hosting
    "Your data... always within reach"

  3. #3

    Ditto

    I like Netscreen as well. The ports are dynamically configurablefrom the 25 up. I have found them easy and secure.

    If you want to run in transparent mode they actually handle it correctly unlike the SonicWall stuff I have seen. I actually had a L3 tech tell me "Well, we really do not run in transparent mode even though we say we do." Granted this was maybe a year ago.
    cPanel Partner NOC -StoreSense E-Commerce Partner
    Personal, Business, Co-location, Reseller
    Negociated pricing on 1-12 month Contracts
    [email protected] www.dpssystems.com

  4. #4
    Join Date
    Mar 2004
    Location
    Corning, NY
    Posts
    12
    I would contact Chris from Atlantix. He is great, and can help you with used and non-used equipment.

    Chris Stoglin
    Atlantix Global Systems
    303.874.8290
    888.786-2727 x7129

  5. #5
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    What about running in transparent mode? I'm not sure I understand your reference.

    As for NetScreen, I have looked at their products as well but i'm really aiming toward SonicWALL, unless I can get some really good reasons why NetScreen is better.

    Any experiences using either device as part of a DDoS mitigation strategy?

    Thanks.

  6. #6
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,301
    DeathNova: Avoid SonicWall ... we had nothing but problems with ours. In fact, I have two Pro 300's that I'd be willing to sell you for cheap

    The crux of our issue is that the SonicWall has no intelligent way of metering or limiting concurrent connections from a particular source / destination IP, effectively making it very easy for someone to lauch a DoS attack and take the entire firewall down, by filling up all of the available connections. Netscreen, on the other hand, has had protections against similar attacks for the past two years.

    Also, in regards to their failover protections - we had a pair of PRO 300's configured as failovers. We were never able to get the failover to work correctly, and ended up running one active and exporting the configuration weekly and having the second one completely offline, but "ready to go" in the event that the first one failed. Obviously, this is not ideal, but we had nothing but issues with SonicWall HA.
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
    AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
    Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
    Current specials here. Check them out.

  7. #7
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    Pro 300? Thats sort of old, no? Its not my goal to defend anyone here, but have you taken a look at the 2.0e demo and the 3060 specs? Unless of course, all their claims are blatent exaggerations...

  8. #8
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    I should add that I am appreciative of any similar comments, positive or negative, as it gives me a lot of extra ammo when questioning various sales techs

  9. #9
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,301
    The Pro 300 can handle the same number of concurrent connections as the 3060 Regardless, my point about the connection flooding issue is still valid. Netscreen would be far better choice, IMHO.
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
    AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
    Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
    Current specials here. Check them out.

  10. #10
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    Its also a much more expensive choice

    Just for my notes, what NetScreen would you reccomend purchasing in lieu of the 3060 (or 4080 for that matter).

    Thanks.

  11. #11
    Join Date
    Jun 2001
    Location
    Denver, CO
    Posts
    3,301
    Actually, at the time we purchased our Pro 300's (about a year ago), they were both about $2,500. The 3060 is the replacement for the Pro 300, so they have essentially the same price points.

    As for a Netscreen prodcut, what were the main reasons why you wanted the Pro 3060? Do you need to push the 300Mb/sec it's rated for?
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO
    AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network.
    Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center.
    Current specials here. Check them out.

  12. #12
    Join Date
    Mar 2004
    Location
    Atlanta
    Posts
    18
    I'm new around here but at work we use Watchguards and just got a x700.

    They're simple and easy to integrate small branch offices using the soho's. That's a main reason why we keep Watchguards.

    They double as VPN servers and we currently also have Enterasys Aurorean shiznit. Comapred to Aurorean the WG's are strides better IMHO.

  13. #13
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    Ever get DoS/DDoS attacks? How well does it hold up under that kind of pressure?

  14. #14
    Join Date
    Mar 2004
    Location
    Atlanta
    Posts
    18
    Originally posted by DeathNova
    Ever get DoS/DDoS attacks? How well does it hold up under that kind of pressure?
    Not yet.., but I just took over a WAN of 350 people. The guy before me didn't set up any logging or alerts so maybe we have and it's performed well. We haven't suffered from any external attacks, only internal users and msblast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •