Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

firewall-wizards logo Firewall Wizards mailing list archives

Re: Nokia 5300 or Cisco Firewall Services Module
From: hermit921 <hermit921 () yahoo com>
Date: Thu, 06 Nov 2003 14:34:13 -0800
We looked at something almost identical a year ago and determined that the firewall rules interface was quite difficult and prone to user error (who wants to duplicate every rule on every interface?), and the lack of logging made it unnacceptable. They did offer syslog.....
Yesterday a Cisco engineer gave us a new presentation, and they claim to have solved all that. They now can create firewall rules per object instead of per interface. We would still have to buy a separate system for logging, and install a database such as DB2 or Oracle or Sybase. Their management software is of course an extra cost and runs on Windows or Solaris.
One of the things Checkpoint offers that Cisco didn't mention was logging what rule changes were made when and by whom. I am looking forward to actually getting hands-on experience later this month. I would love to hear about anyone's impressions who has used both systems. 

hermit921


At 12:50 PM 11/6/2003, Camilo Tesone wrote:

Hi,

I was wondering if anyone had experience with Cisco's Firewall Service
Module. We're trying to decide between two Nokia Checkpoint boxes (Nokia
5300s) and two Cisco PIX FWSMs. Any feedback would be appreciated.

[deleted]

1. Scalablity. The Nokia's support up to a max of 8 Gigabit Ethernet
interfaces while the FWSM can support up to 100 protected interfaces.

2. Throughput. The Nokia 5300 has a max throughput of 5 gigs while the FWSMs
can handle up to 10 gigs.

3. Cost. Each FWSM would cost us about $20K after a sizeable discount. I
think the Nokias are a little cheaper but I don't know yet. We will not have
to pay annual maintenance on the FWSMs from Cisco because maintenance is
already included for each module in a Catalyst 6513 once you purchase
support for that chassis. The Nokia maintenance would be expensive.

4. Ease of use. This includes the ability to create and modify rules, groups
etc.

Thanks again for anyone willing to provide their insights.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]