Sign in with
Sign up | Sign in
Your question

Sonicwall vs Cisco?

Last response: in Networking
Share
April 14, 2004 10:51:33 PM

Archived from groups: comp.security.firewalls (More info?)

Hello. I am not a firewall expert, but I have been tasked to replace our
aging Sonicwall Pro2.

I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
30 users and a 1MB T1 line.

I've heard the Sonicwall is easier to deal with, but the Cisco has more
robust security features. If we are concerned more with security, which one
should we lean towards?

Thanks!

pk

More about : sonicwall cisco

Anonymous
a b 8 Security
April 14, 2004 10:51:34 PM

Archived from groups: comp.security.firewalls (More info?)

zim wrote:

> Hello. I am not a firewall expert, but I have been tasked to replace our
> aging Sonicwall Pro2.
>
> I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
> 30 users and a 1MB T1 line.
>
> I've heard the Sonicwall is easier to deal with, but the Cisco has more
> robust security features. If we are concerned more with security, which one
> should we lean towards?
>
> Thanks!
>
> pk
>
>

depends on your needs, do you need to connect remote offices/users via
VPN? The PIX is very easy to configure IPSEC between sites or users. IS
cost an issue? Either firewall is a standard packet filtering/nat'ing
firewall, the amount of users will not be an issue. By any chance do you
have any other Cisco products in use or going to be put in use?


Chad
April 14, 2004 10:51:34 PM

Archived from groups: comp.security.firewalls (More info?)

Cisco is certainly more robust, but does require some Cisco "pix"
experience. A Sonicwall is easy to configure for almost anyone.

-Robert


On Wed, 14 Apr 2004 18:51:33 GMT, "zim" <pk@pk.com> wrote:

>Hello. I am not a firewall expert, but I have been tasked to replace our
>aging Sonicwall Pro2.
>
>I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
>30 users and a 1MB T1 line.
>
>I've heard the Sonicwall is easier to deal with, but the Cisco has more
>robust security features. If we are concerned more with security, which one
>should we lean towards?
>
>Thanks!
>
>pk
>
Related resources
Anonymous
a b 8 Security
April 14, 2004 11:03:39 PM

Archived from groups: comp.security.firewalls (More info?)

In article <VKffc.36819$7c6.36402@newssvr29.news.prodigy.com>, pk@pk.com
says...
> Hello. I am not a firewall expert, but I have been tasked to replace our
> aging Sonicwall Pro2.
>
> I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
> 30 users and a 1MB T1 line.
>
> I've heard the Sonicwall is easier to deal with, but the Cisco has more
> robust security features. If we are concerned more with security, which one
> should we lean towards?

Take a look at the WatchGuard 700 series. Loaded with features, proxies,
filtering of email (smtp inbound), etc...

www.watchguard.com

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
April 14, 2004 11:55:15 PM

Archived from groups: comp.security.firewalls (More info?)

"Chad Mahoney" <spamme@mah0ney.com> wrote in message
news:107r2p46qdrcgbf@news.supernews.com...
> zim wrote:
>
> > Hello. I am not a firewall expert, but I have been tasked to replace our
> > aging Sonicwall Pro2.
> >
> > I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We
have
> > 30 users and a 1MB T1 line.
> >
> > I've heard the Sonicwall is easier to deal with, but the Cisco has more
> > robust security features. If we are concerned more with security, which
one
> > should we lean towards?
> >
> > Thanks!
> >
> > pk
> >
> >
>
> depends on your needs, do you need to connect remote offices/users via
> VPN? The PIX is very easy to configure IPSEC between sites or users. IS
> cost an issue? Either firewall is a standard packet filtering/nat'ing
> firewall, the amount of users will not be an issue. By any chance do you
> have any other Cisco products in use or going to be put in use?
>
>
> Chad


Thanks for responding. Yes, we have about 12 users who VPN from time to
time. We have a Cisco 1720 router and a 2600 router.
Anonymous
a b 8 Security
April 14, 2004 11:55:16 PM

Archived from groups: comp.security.firewalls (More info?)

zim wrote:

> "Chad Mahoney" <spamme@mah0ney.com> wrote in message
> news:107r2p46qdrcgbf@news.supernews.com...
>
>>zim wrote:
>>
>>
>>>Hello. I am not a firewall expert, but I have been tasked to replace our
>>>aging Sonicwall Pro2.
>>>
>>>I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We
>
> have
>
>>>30 users and a 1MB T1 line.
>>>
>>>I've heard the Sonicwall is easier to deal with, but the Cisco has more
>>>robust security features. If we are concerned more with security, which
>
> one
>
>>>should we lean towards?
>>>
>>>Thanks!
>>>
>>>pk
>>>
>>>
>>
>>depends on your needs, do you need to connect remote offices/users via
>>VPN? The PIX is very easy to configure IPSEC between sites or users. IS
>>cost an issue? Either firewall is a standard packet filtering/nat'ing
>>firewall, the amount of users will not be an issue. By any chance do you
>>have any other Cisco products in use or going to be put in use?
>>
>>
>>Chad
>
>
>
> Thanks for responding. Yes, we have about 12 users who VPN from time to
> time. We have a Cisco 1720 router and a 2600 router.
>
>
>
Well in that case I would lean toward the PIX due to the VPN the reason
I say this is that your remote users can then use the Cisco VPN client
to create a secure IPSEC tunnel instead of using a PPTP solution you
probally are already using. Although I am aware the sonic wall will due
IPSEC VPN but then you are forced to use M$ client which may not be so
secure:)  also the PIX plays very nice with other cisco products.

hth,

Chad
Anonymous
a b 8 Security
April 14, 2004 11:55:17 PM

Archived from groups: comp.security.firewalls (More info?)

On Wed, 14 Apr 2004 16:18:00 -0400, Chad Mahoney spoketh


>Well in that case I would lean toward the PIX due to the VPN the reason
>I say this is that your remote users can then use the Cisco VPN client
>to create a secure IPSEC tunnel instead of using a PPTP solution you
>probally are already using. Although I am aware the sonic wall will due
>IPSEC VPN but then you are forced to use M$ client which may not be so
>secure:)  also the PIX plays very nice with other cisco products.
>
>hth,
>
>Chad

Sonicwalls does IPSec tunnels as well; I don't know why you assumed
PPTP...

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
a b 8 Security
April 15, 2004 12:01:15 AM

Archived from groups: comp.security.firewalls (More info?)

"Rob" <bobh1234@hotmail.com> wrote in message
news:lo4r70ld9gfq3aqao4b6mp4ldlsuuhtibo@4ax.com...
> Cisco is certainly more robust, but does require some Cisco "pix"
> experience. A Sonicwall is easy to configure for almost anyone.
>
> -Robert

Have you actually worked on one? Getting one out of the box and getting it
working takes about 10-15 minutes tops if you use the built in web based PDM
and follow the step by step wizard which has help along the way. pretty
foolproof.
Anonymous
a b 8 Security
April 15, 2004 8:57:13 AM

Archived from groups: comp.security.firewalls (More info?)

In article <107r2p46qdrcgbf@news.supernews.com>,
Chad Mahoney <spamme@mah0ney.com> wrote:
>zim wrote:
>
>> Hello. I am not a firewall expert, but I have been tasked to replace our
>> aging Sonicwall Pro2.
>>
>> I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
>> 30 users and a 1MB T1 line.
>>
>> I've heard the Sonicwall is easier to deal with, but the Cisco has more
>> robust security features. If we are concerned more with security, which one
>> should we lean towards?
>>
>> Thanks!
>>
>> pk
>>
>>
>
>depends on your needs, do you need to connect remote offices/users via
>VPN? The PIX is very easy to configure IPSEC between sites or users. IS
>cost an issue? Either firewall is a standard packet filtering/nat'ing
>firewall, the amount of users will not be an issue. By any chance do you
>have any other Cisco products in use or going to be put in use?
>
The Pix's are only packet filters? I would think you would want
some sort of stateful inspection based firewall as Packet Filters
do not understand bidirectional tcp traffic.

Dave
Anonymous
a b 8 Security
April 15, 2004 9:02:21 AM

Archived from groups: comp.security.firewalls (More info?)

Dave Gresham <gresham@visi.com> wrote:
>>depends on your needs, do you need to connect remote offices/users via
>>VPN? The PIX is very easy to configure IPSEC between sites or users. IS
>>cost an issue? Either firewall is a standard packet filtering/nat'ing
>>firewall, the amount of users will not be an issue. By any chance do you
>>have any other Cisco products in use or going to be put in use?
>>
> The Pix's are only packet filters? I would think you would want
> some sort of stateful inspection based firewall as Packet Filters
> do not understand bidirectional tcp traffic.

PIX's are stateful.

--
Jason Kau
bubbafat@SPAMspeakeasy.net IS FOR EMAIL
jkau@vulture.cnd.gatech.edu IS FOR SPAM
http://www.cnd.gatech.edu/~jkau
Anonymous
a b 8 Security
April 15, 2004 11:34:25 AM

Archived from groups: comp.security.firewalls (More info?)

Lars M. Hansen wrote:

> On Wed, 14 Apr 2004 16:18:00 -0400, Chad Mahoney spoketh
>
>
>
>>Well in that case I would lean toward the PIX due to the VPN the reason
>>I say this is that your remote users can then use the Cisco VPN client
>>to create a secure IPSEC tunnel instead of using a PPTP solution you
>>probally are already using. Although I am aware the sonic wall will due
>>IPSEC VPN but then you are forced to use M$ client which may not be so
>>secure:)  also the PIX plays very nice with other cisco products.
>>
>>hth,
>>
>>Chad
>
>
> Sonicwalls does IPSec tunnels as well; I don't know why you assumed
> PPTP...
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)


Did you actually read the post?

>> Although I am aware the sonic wall will due
>> IPSEC VPN but then you are forced to use M$ client which may not be
>> so secure
Anonymous
a b 8 Security
April 15, 2004 11:35:01 AM

Archived from groups: comp.security.firewalls (More info?)

Lars M. Hansen wrote:

> On Wed, 14 Apr 2004 16:18:00 -0400, Chad Mahoney spoketh
>
>
>
>>Well in that case I would lean toward the PIX due to the VPN the reason
>>I say this is that your remote users can then use the Cisco VPN client
>>to create a secure IPSEC tunnel instead of using a PPTP solution you
>>probally are already using. Although I am aware the sonic wall will due
>>IPSEC VPN but then you are forced to use M$ client which may not be so
>>secure:)  also the PIX plays very nice with other cisco products.
>>
>>hth,
>>
>>Chad
>
>
> Sonicwalls does IPSec tunnels as well; I don't know why you assumed
> PPTP...
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)

Did you actually read the post?

>> Although I am aware the sonic wall will due
>> IPSEC VPN but then you are forced to use M$ client which may not be
>> so secure
Anonymous
a b 8 Security
April 15, 2004 12:22:27 PM

Archived from groups: comp.security.firewalls (More info?)

On Thu, 15 Apr 2004 07:35:01 -0400, Chad Mahoney spoketh


>
>Did you actually read the post?
>
> >> Although I am aware the sonic wall will due
> >> IPSEC VPN but then you are forced to use M$ client which may not be
> >> so secure

I must admit that I did not see that until now. However, Sonicwall has
their own VPN client, so you're not forced to use the MS Client. And, I
have not seen any evidence that it (or the MS client) are any less
secure than Ciscos' VPN client software.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
a b 8 Security
April 15, 2004 12:36:09 PM

Archived from groups: comp.security.firewalls (More info?)

Lars M. Hansen wrote:

> On Thu, 15 Apr 2004 07:35:01 -0400, Chad Mahoney spoketh
>
>
>
>>Did you actually read the post?
>>
>>
>>>>Although I am aware the sonic wall will due
>>>>IPSEC VPN but then you are forced to use M$ client which may not be
>>>>so secure
>
>
> I must admit that I did not see that until now. However, Sonicwall has
> their own VPN client, so you're not forced to use the MS Client. And, I
> have not seen any evidence that it (or the MS client) are any less
> secure than Ciscos' VPN client software.
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)

Was unaware of sonic wall client, however would you really want to trust
encrypted data with any product of M$???? I think M$ past and present
security issues speak volumes!!!
Anonymous
a b 8 Security
April 15, 2004 1:25:59 PM

Archived from groups: comp.security.firewalls (More info?)

On Thu, 15 Apr 2004 08:36:09 -0400, Chad Mahoney spoketh

>
>Was unaware of sonic wall client, however would you really want to trust
>encrypted data with any product of M$???? I think M$ past and present
>security issues speak volumes!!!
>

Past and present security issues with Cisco should speak fairly loudly
too, then, I would assume. As would any product from Sun, HP, Compaq,
Intel, 3Com and every other major player.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
a b 8 Security
April 15, 2004 4:58:40 PM

Archived from groups: comp.security.firewalls (More info?)

In article <107t0e162jn963e@news.supernews.com>, spamme@mah0ney.com
says...
> Lars M. Hansen wrote:
>
> > On Thu, 15 Apr 2004 07:35:01 -0400, Chad Mahoney spoketh
> >
> >
> >
> >>Did you actually read the post?
> >>
> >>
> >>>>Although I am aware the sonic wall will due
> >>>>IPSEC VPN but then you are forced to use M$ client which may not be
> >>>>so secure
> >
> >
> > I must admit that I did not see that until now. However, Sonicwall has
> > their own VPN client, so you're not forced to use the MS Client. And, I
> > have not seen any evidence that it (or the MS client) are any less
> > secure than Ciscos' VPN client software.
> >
> > Lars M. Hansen
> > http://www.hansenonline.net
> > (replace 'badnews' with 'news' in e-mail address)
>
> Was unaware of sonic wall client, however would you really want to trust
> encrypted data with any product of M$???? I think M$ past and present
> security issues speak volumes!!!

I've not seen any information from any source that indicates there is
(or even suspects) that there is a problem with the MS implementation.
Just about every firewall appliance vendor provides VPN client software
for their appliances, many of them come with X number of free licenses
with the initial purchase of the firewall.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
a b 8 Security
April 15, 2004 4:58:41 PM

Archived from groups: comp.security.firewalls (More info?)

>
> I've not seen any information from any source that indicates there is
> (or even suspects) that there is a problem with the MS implementation.



how bout these...Results 11 - 20 of about 71,500 for microsoft vpn
vulnerabilities. i think 71000 hits on the subject just about says it all...

http://www.trusecure.com/knowledge/hype/20040210_ms.sht...

http://www.zdnet.com.au/news/security/0,2000061744,2026...

http://www.microsoft.com/technet/security/bulletin/ms98...
April 15, 2004 5:39:18 PM

Archived from groups: comp.security.firewalls (More info?)

On Wed, 14 Apr 2004 20:01:15 -0400, "Hugo Drax"
<hugodrax@draxindustries.com> wrote:

>
>Have you actually worked on one? Getting one out of the box and getting it
>working takes about 10-15 minutes tops if you use the built in web based PDM
>and follow the step by step wizard which has help along the way. pretty
>foolproof.
>

Oh, I agree. But since when did you just want to use the wizard on a
Cisco product? It can do so much more.

A Sonicwall is truly WYSIWYG. There's nuthin' more under the hood.

-Robert
Anonymous
a b 8 Security
April 15, 2004 5:45:08 PM

Archived from groups: comp.security.firewalls (More info?)

In article <107t2v4j95h2n4b@news.supernews.com>, spamme@mah0ney.com
says...
> > I've not seen any information from any source that indicates there is
> > (or even suspects) that there is a problem with the MS implementation.

>
> how bout these...Results 11 - 20 of about 71,500 for microsoft vpn
> vulnerabilities. i think 71000 hits on the subject just about says it all...
>
> http://www.trusecure.com/knowledge/hype/20040210_ms.sht...
>
> http://www.zdnet.com.au/news/security/0,2000061744,2026...
>
> http://www.microsoft.com/technet/security/bulletin/ms98...

Those sites indicate nothing wrong with using MS Software to "Connect"
to a PPTP server (not running MS PPTP VPN) - meaning that they only talk
about the MS Server PPTP service and not anything with the MS PPTP
client used to connect to other PPTP Aware devices.

Also, the MS article indicates that the hole was patched in 1998.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
a b 8 Security
April 15, 2004 6:24:55 PM

Archived from groups: comp.security.firewalls (More info?)

In article <c5l50t$839$1@news-int.gatech.edu>,
Jason Kau <jkau@vulture.cnd.gatech.edu> wrote:
>Dave Gresham <gresham@visi.com> wrote:
>> The Pix's are only packet filters? I would think you would want
>> some sort of stateful inspection based firewall as Packet Filters
>> do not understand bidirectional tcp traffic.
>
>PIX's are stateful.
>
Thats what I thought. I just wanted to make sure ii hadn't moved
to another planet.
!