Sonicwall vs Cisco?

Archived from groups: comp.security.firewalls (More info?)

Hello. I am not a firewall expert, but I have been tasked to replace our
aging Sonicwall Pro2.

I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
30 users and a 1MB T1 line.

I've heard the Sonicwall is easier to deal with, but the Cisco has more
robust security features. If we are concerned more with security, which one
should we lean towards?

Thanks!

pk

Archived from groups: comp.security.firewalls (More info?)

In article <VKffc.36819$7c6.36402@newssvr29.news.prodigy.com>, pk@pk.com
says...
> Hello. I am not a firewall expert, but I have been tasked to replace our
> aging Sonicwall Pro2.
>
> I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
> 30 users and a 1MB T1 line.
>
> I've heard the Sonicwall is easier to deal with, but the Cisco has more
> robust security features. If we are concerned more with security, which one
> should we lean towards?

Take a look at the WatchGuard 700 series. Loaded with features, proxies,
filtering of email (smtp inbound), etc...

www.watchguard.com

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

"Chad Mahoney" <spamme@mah0ney.com> wrote in message
news:107r2p46qdrcgbf@news.supernews.com...
> zim wrote:
>
> > Hello. I am not a firewall expert, but I have been tasked to replace our
> > aging Sonicwall Pro2.
> >
> > I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We
have
> > 30 users and a 1MB T1 line.
> >
> > I've heard the Sonicwall is easier to deal with, but the Cisco has more
> > robust security features. If we are concerned more with security, which
one
> > should we lean towards?
> >
> > Thanks!
> >
> > pk
> >
> >
>
> depends on your needs, do you need to connect remote offices/users via
> VPN? The PIX is very easy to configure IPSEC between sites or users. IS
> cost an issue? Either firewall is a standard packet filtering/nat'ing
> firewall, the amount of users will not be an issue. By any chance do you
> have any other Cisco products in use or going to be put in use?
>
>
> Chad


Thanks for responding. Yes, we have about 12 users who VPN from time to
time. We have a Cisco 1720 router and a 2600 router.

Archived from groups: comp.security.firewalls (More info?)

On Wed, 14 Apr 2004 16:18:00 -0400, Chad Mahoney spoketh


>Well in that case I would lean toward the PIX due to the VPN the reason
>I say this is that your remote users can then use the Cisco VPN client
>to create a secure IPSEC tunnel instead of using a PPTP solution you
>probally are already using. Although I am aware the sonic wall will due
>IPSEC VPN but then you are forced to use M$ client which may not be so
>secure also the PIX plays very nice with other cisco products.
>
>hth,
>
>Chad

Sonicwalls does IPSec tunnels as well; I don't know why you assumed
PPTP...

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

Archived from groups: comp.security.firewalls (More info?)

In article <107r2p46qdrcgbf@news.supernews.com>,
Chad Mahoney <spamme@mah0ney.com> wrote:
>zim wrote:
>
>> Hello. I am not a firewall expert, but I have been tasked to replace our
>> aging Sonicwall Pro2.
>>
>> I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
>> 30 users and a 1MB T1 line.
>>
>> I've heard the Sonicwall is easier to deal with, but the Cisco has more
>> robust security features. If we are concerned more with security, which one
>> should we lean towards?
>>
>> Thanks!
>>
>> pk
>>
>>
>
>depends on your needs, do you need to connect remote offices/users via
>VPN? The PIX is very easy to configure IPSEC between sites or users. IS
>cost an issue? Either firewall is a standard packet filtering/nat'ing
>firewall, the amount of users will not be an issue. By any chance do you
>have any other Cisco products in use or going to be put in use?
>
The Pix's are only packet filters? I would think you would want
some sort of stateful inspection based firewall as Packet Filters
do not understand bidirectional tcp traffic.

Dave

Archived from groups: comp.security.firewalls (More info?)

Lars M. Hansen wrote:

> On Wed, 14 Apr 2004 16:18:00 -0400, Chad Mahoney spoketh
>
>
>
>>Well in that case I would lean toward the PIX due to the VPN the reason
>>I say this is that your remote users can then use the Cisco VPN client
>>to create a secure IPSEC tunnel instead of using a PPTP solution you
>>probally are already using. Although I am aware the sonic wall will due
>>IPSEC VPN but then you are forced to use M$ client which may not be so
>>secure also the PIX plays very nice with other cisco products.
>>
>>hth,
>>
>>Chad
>
>
> Sonicwalls does IPSec tunnels as well; I don't know why you assumed
> PPTP...
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)


Did you actually read the post?

>> Although I am aware the sonic wall will due
>> IPSEC VPN but then you are forced to use M$ client which may not be
>> so secure

Archived from groups: comp.security.firewalls (More info?)

On Thu, 15 Apr 2004 07:35:01 -0400, Chad Mahoney spoketh


>
>Did you actually read the post?
>
> >> Although I am aware the sonic wall will due
> >> IPSEC VPN but then you are forced to use M$ client which may not be
> >> so secure

I must admit that I did not see that until now. However, Sonicwall has
their own VPN client, so you're not forced to use the MS Client. And, I
have not seen any evidence that it (or the MS client) are any less
secure than Ciscos' VPN client software.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

Archived from groups: comp.security.firewalls (More info?)

In article <107t0e162jn963e@news.supernews.com>, spamme@mah0ney.com
says...
> Lars M. Hansen wrote:
>
> > On Thu, 15 Apr 2004 07:35:01 -0400, Chad Mahoney spoketh
> >
> >
> >
> >>Did you actually read the post?
> >>
> >>
> >>>>Although I am aware the sonic wall will due
> >>>>IPSEC VPN but then you are forced to use M$ client which may not be
> >>>>so secure
> >
> >
> > I must admit that I did not see that until now. However, Sonicwall has
> > their own VPN client, so you're not forced to use the MS Client. And, I
> > have not seen any evidence that it (or the MS client) are any less
> > secure than Ciscos' VPN client software.
> >
> > Lars M. Hansen
> > http://www.hansenonline.net
> > (replace 'badnews' with 'news' in e-mail address)
>
> Was unaware of sonic wall client, however would you really want to trust
> encrypted data with any product of M$???? I think M$ past and present
> security issues speak volumes!!!

I've not seen any information from any source that indicates there is
(or even suspects) that there is a problem with the MS implementation.
Just about every firewall appliance vendor provides VPN client software
for their appliances, many of them come with X number of free licenses
with the initial purchase of the firewall.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

In article <107t2v4j95h2n4b@news.supernews.com>, spamme@mah0ney.com
says...
> > I've not seen any information from any source that indicates there is
> > (or even suspects) that there is a problem with the MS implementation.

>
> how bout these...Results 11 - 20 of about 71,500 for microsoft vpn
> vulnerabilities. i think 71000 hits on the subject just about says it all...
>
> http://www.trusecure.com/knowledge [...] 0_ms.shtml
>
> http://www.zdnet.com.au/news/secur [...] 612,00.htm
>
> http://www.microsoft.com/technet/s [...] 8-012.mspx

Those sites indicate nothing wrong with using MS Software to "Connect"
to a PPTP server (not running MS PPTP VPN) - meaning that they only talk
about the MS Server PPTP service and not anything with the MS PPTP
client used to connect to other PPTP Aware devices.

Also, the MS article indicates that the hole was patched in 1998.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

On Thu, 15 Apr 2004 08:36:09 -0400, Chad Mahoney spoketh

>
>Was unaware of sonic wall client, however would you really want to trust
>encrypted data with any product of M$???? I think M$ past and present
>security issues speak volumes!!!
>

Past and present security issues with Cisco should speak fairly loudly
too, then, I would assume. As would any product from Sun, HP, Compaq,
Intel, 3Com and every other major player.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)