Sonicwall vs Cisco?

Archived from groups: comp.security.firewalls (More info?)

Hello. I am not a firewall expert, but I have been tasked to replace our
aging Sonicwall Pro2.

I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
30 users and a 1MB T1 line.

I've heard the Sonicwall is easier to deal with, but the Cisco has more
robust security features. If we are concerned more with security, which one
should we lean towards?

Thanks!

pk
19 answers Last reply
More about sonicwall cisco
  1. Archived from groups: comp.security.firewalls (More info?)

    zim wrote:

    > Hello. I am not a firewall expert, but I have been tasked to replace our
    > aging Sonicwall Pro2.
    >
    > I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
    > 30 users and a 1MB T1 line.
    >
    > I've heard the Sonicwall is easier to deal with, but the Cisco has more
    > robust security features. If we are concerned more with security, which one
    > should we lean towards?
    >
    > Thanks!
    >
    > pk
    >
    >

    depends on your needs, do you need to connect remote offices/users via
    VPN? The PIX is very easy to configure IPSEC between sites or users. IS
    cost an issue? Either firewall is a standard packet filtering/nat'ing
    firewall, the amount of users will not be an issue. By any chance do you
    have any other Cisco products in use or going to be put in use?


    Chad
  2. Archived from groups: comp.security.firewalls (More info?)

    Cisco is certainly more robust, but does require some Cisco "pix"
    experience. A Sonicwall is easy to configure for almost anyone.

    -Robert


    On Wed, 14 Apr 2004 18:51:33 GMT, "zim" <pk@pk.com> wrote:

    >Hello. I am not a firewall expert, but I have been tasked to replace our
    >aging Sonicwall Pro2.
    >
    >I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
    >30 users and a 1MB T1 line.
    >
    >I've heard the Sonicwall is easier to deal with, but the Cisco has more
    >robust security features. If we are concerned more with security, which one
    >should we lean towards?
    >
    >Thanks!
    >
    >pk
    >
  3. Archived from groups: comp.security.firewalls (More info?)

    In article <VKffc.36819$7c6.36402@newssvr29.news.prodigy.com>, pk@pk.com
    says...
    > Hello. I am not a firewall expert, but I have been tasked to replace our
    > aging Sonicwall Pro2.
    >
    > I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
    > 30 users and a 1MB T1 line.
    >
    > I've heard the Sonicwall is easier to deal with, but the Cisco has more
    > robust security features. If we are concerned more with security, which one
    > should we lean towards?

    Take a look at the WatchGuard 700 series. Loaded with features, proxies,
    filtering of email (smtp inbound), etc...

    www.watchguard.com

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  4. Archived from groups: comp.security.firewalls (More info?)

    "Chad Mahoney" <spamme@mah0ney.com> wrote in message
    news:107r2p46qdrcgbf@news.supernews.com...
    > zim wrote:
    >
    > > Hello. I am not a firewall expert, but I have been tasked to replace our
    > > aging Sonicwall Pro2.
    > >
    > > I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We
    have
    > > 30 users and a 1MB T1 line.
    > >
    > > I've heard the Sonicwall is easier to deal with, but the Cisco has more
    > > robust security features. If we are concerned more with security, which
    one
    > > should we lean towards?
    > >
    > > Thanks!
    > >
    > > pk
    > >
    > >
    >
    > depends on your needs, do you need to connect remote offices/users via
    > VPN? The PIX is very easy to configure IPSEC between sites or users. IS
    > cost an issue? Either firewall is a standard packet filtering/nat'ing
    > firewall, the amount of users will not be an issue. By any chance do you
    > have any other Cisco products in use or going to be put in use?
    >
    >
    > Chad


    Thanks for responding. Yes, we have about 12 users who VPN from time to
    time. We have a Cisco 1720 router and a 2600 router.
  5. Archived from groups: comp.security.firewalls (More info?)

    zim wrote:

    > "Chad Mahoney" <spamme@mah0ney.com> wrote in message
    > news:107r2p46qdrcgbf@news.supernews.com...
    >
    >>zim wrote:
    >>
    >>
    >>>Hello. I am not a firewall expert, but I have been tasked to replace our
    >>>aging Sonicwall Pro2.
    >>>
    >>>I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We
    >
    > have
    >
    >>>30 users and a 1MB T1 line.
    >>>
    >>>I've heard the Sonicwall is easier to deal with, but the Cisco has more
    >>>robust security features. If we are concerned more with security, which
    >
    > one
    >
    >>>should we lean towards?
    >>>
    >>>Thanks!
    >>>
    >>>pk
    >>>
    >>>
    >>
    >>depends on your needs, do you need to connect remote offices/users via
    >>VPN? The PIX is very easy to configure IPSEC between sites or users. IS
    >>cost an issue? Either firewall is a standard packet filtering/nat'ing
    >>firewall, the amount of users will not be an issue. By any chance do you
    >>have any other Cisco products in use or going to be put in use?
    >>
    >>
    >>Chad
    >
    >
    >
    > Thanks for responding. Yes, we have about 12 users who VPN from time to
    > time. We have a Cisco 1720 router and a 2600 router.
    >
    >
    >
    Well in that case I would lean toward the PIX due to the VPN the reason
    I say this is that your remote users can then use the Cisco VPN client
    to create a secure IPSEC tunnel instead of using a PPTP solution you
    probally are already using. Although I am aware the sonic wall will due
    IPSEC VPN but then you are forced to use M$ client which may not be so
    secure:) also the PIX plays very nice with other cisco products.

    hth,

    Chad
  6. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 14 Apr 2004 16:18:00 -0400, Chad Mahoney spoketh


    >Well in that case I would lean toward the PIX due to the VPN the reason
    >I say this is that your remote users can then use the Cisco VPN client
    >to create a secure IPSEC tunnel instead of using a PPTP solution you
    >probally are already using. Although I am aware the sonic wall will due
    >IPSEC VPN but then you are forced to use M$ client which may not be so
    >secure:) also the PIX plays very nice with other cisco products.
    >
    >hth,
    >
    >Chad

    Sonicwalls does IPSec tunnels as well; I don't know why you assumed
    PPTP...

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  7. Archived from groups: comp.security.firewalls (More info?)

    "Rob" <bobh1234@hotmail.com> wrote in message
    news:lo4r70ld9gfq3aqao4b6mp4ldlsuuhtibo@4ax.com...
    > Cisco is certainly more robust, but does require some Cisco "pix"
    > experience. A Sonicwall is easy to configure for almost anyone.
    >
    > -Robert

    Have you actually worked on one? Getting one out of the box and getting it
    working takes about 10-15 minutes tops if you use the built in web based PDM
    and follow the step by step wizard which has help along the way. pretty
    foolproof.
  8. Archived from groups: comp.security.firewalls (More info?)

    In article <107r2p46qdrcgbf@news.supernews.com>,
    Chad Mahoney <spamme@mah0ney.com> wrote:
    >zim wrote:
    >
    >> Hello. I am not a firewall expert, but I have been tasked to replace our
    >> aging Sonicwall Pro2.
    >>
    >> I've been recommended the SonicWall TZ-170, and the Cisco PIX 501. We have
    >> 30 users and a 1MB T1 line.
    >>
    >> I've heard the Sonicwall is easier to deal with, but the Cisco has more
    >> robust security features. If we are concerned more with security, which one
    >> should we lean towards?
    >>
    >> Thanks!
    >>
    >> pk
    >>
    >>
    >
    >depends on your needs, do you need to connect remote offices/users via
    >VPN? The PIX is very easy to configure IPSEC between sites or users. IS
    >cost an issue? Either firewall is a standard packet filtering/nat'ing
    >firewall, the amount of users will not be an issue. By any chance do you
    >have any other Cisco products in use or going to be put in use?
    >
    The Pix's are only packet filters? I would think you would want
    some sort of stateful inspection based firewall as Packet Filters
    do not understand bidirectional tcp traffic.

    Dave
  9. Archived from groups: comp.security.firewalls (More info?)

    Dave Gresham <gresham@visi.com> wrote:
    >>depends on your needs, do you need to connect remote offices/users via
    >>VPN? The PIX is very easy to configure IPSEC between sites or users. IS
    >>cost an issue? Either firewall is a standard packet filtering/nat'ing
    >>firewall, the amount of users will not be an issue. By any chance do you
    >>have any other Cisco products in use or going to be put in use?
    >>
    > The Pix's are only packet filters? I would think you would want
    > some sort of stateful inspection based firewall as Packet Filters
    > do not understand bidirectional tcp traffic.

    PIX's are stateful.

    --
    Jason Kau
    bubbafat@SPAMspeakeasy.net IS FOR EMAIL
    jkau@vulture.cnd.gatech.edu IS FOR SPAM
    http://www.cnd.gatech.edu/~jkau
  10. Archived from groups: comp.security.firewalls (More info?)

    Lars M. Hansen wrote:

    > On Wed, 14 Apr 2004 16:18:00 -0400, Chad Mahoney spoketh
    >
    >
    >
    >>Well in that case I would lean toward the PIX due to the VPN the reason
    >>I say this is that your remote users can then use the Cisco VPN client
    >>to create a secure IPSEC tunnel instead of using a PPTP solution you
    >>probally are already using. Although I am aware the sonic wall will due
    >>IPSEC VPN but then you are forced to use M$ client which may not be so
    >>secure:) also the PIX plays very nice with other cisco products.
    >>
    >>hth,
    >>
    >>Chad
    >
    >
    > Sonicwalls does IPSec tunnels as well; I don't know why you assumed
    > PPTP...
    >
    > Lars M. Hansen
    > http://www.hansenonline.net
    > (replace 'badnews' with 'news' in e-mail address)


    Did you actually read the post?

    >> Although I am aware the sonic wall will due
    >> IPSEC VPN but then you are forced to use M$ client which may not be
    >> so secure
  11. Archived from groups: comp.security.firewalls (More info?)

    Lars M. Hansen wrote:

    > On Wed, 14 Apr 2004 16:18:00 -0400, Chad Mahoney spoketh
    >
    >
    >
    >>Well in that case I would lean toward the PIX due to the VPN the reason
    >>I say this is that your remote users can then use the Cisco VPN client
    >>to create a secure IPSEC tunnel instead of using a PPTP solution you
    >>probally are already using. Although I am aware the sonic wall will due
    >>IPSEC VPN but then you are forced to use M$ client which may not be so
    >>secure:) also the PIX plays very nice with other cisco products.
    >>
    >>hth,
    >>
    >>Chad
    >
    >
    > Sonicwalls does IPSec tunnels as well; I don't know why you assumed
    > PPTP...
    >
    > Lars M. Hansen
    > http://www.hansenonline.net
    > (replace 'badnews' with 'news' in e-mail address)

    Did you actually read the post?

    >> Although I am aware the sonic wall will due
    >> IPSEC VPN but then you are forced to use M$ client which may not be
    >> so secure
  12. Archived from groups: comp.security.firewalls (More info?)

    On Thu, 15 Apr 2004 07:35:01 -0400, Chad Mahoney spoketh


    >
    >Did you actually read the post?
    >
    > >> Although I am aware the sonic wall will due
    > >> IPSEC VPN but then you are forced to use M$ client which may not be
    > >> so secure

    I must admit that I did not see that until now. However, Sonicwall has
    their own VPN client, so you're not forced to use the MS Client. And, I
    have not seen any evidence that it (or the MS client) are any less
    secure than Ciscos' VPN client software.

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  13. Archived from groups: comp.security.firewalls (More info?)

    Lars M. Hansen wrote:

    > On Thu, 15 Apr 2004 07:35:01 -0400, Chad Mahoney spoketh
    >
    >
    >
    >>Did you actually read the post?
    >>
    >>
    >>>>Although I am aware the sonic wall will due
    >>>>IPSEC VPN but then you are forced to use M$ client which may not be
    >>>>so secure
    >
    >
    > I must admit that I did not see that until now. However, Sonicwall has
    > their own VPN client, so you're not forced to use the MS Client. And, I
    > have not seen any evidence that it (or the MS client) are any less
    > secure than Ciscos' VPN client software.
    >
    > Lars M. Hansen
    > http://www.hansenonline.net
    > (replace 'badnews' with 'news' in e-mail address)

    Was unaware of sonic wall client, however would you really want to trust
    encrypted data with any product of M$???? I think M$ past and present
    security issues speak volumes!!!
  14. Archived from groups: comp.security.firewalls (More info?)

    On Thu, 15 Apr 2004 08:36:09 -0400, Chad Mahoney spoketh

    >
    >Was unaware of sonic wall client, however would you really want to trust
    >encrypted data with any product of M$???? I think M$ past and present
    >security issues speak volumes!!!
    >

    Past and present security issues with Cisco should speak fairly loudly
    too, then, I would assume. As would any product from Sun, HP, Compaq,
    Intel, 3Com and every other major player.

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  15. Archived from groups: comp.security.firewalls (More info?)

    In article <107t0e162jn963e@news.supernews.com>, spamme@mah0ney.com
    says...
    > Lars M. Hansen wrote:
    >
    > > On Thu, 15 Apr 2004 07:35:01 -0400, Chad Mahoney spoketh
    > >
    > >
    > >
    > >>Did you actually read the post?
    > >>
    > >>
    > >>>>Although I am aware the sonic wall will due
    > >>>>IPSEC VPN but then you are forced to use M$ client which may not be
    > >>>>so secure
    > >
    > >
    > > I must admit that I did not see that until now. However, Sonicwall has
    > > their own VPN client, so you're not forced to use the MS Client. And, I
    > > have not seen any evidence that it (or the MS client) are any less
    > > secure than Ciscos' VPN client software.
    > >
    > > Lars M. Hansen
    > > http://www.hansenonline.net
    > > (replace 'badnews' with 'news' in e-mail address)
    >
    > Was unaware of sonic wall client, however would you really want to trust
    > encrypted data with any product of M$???? I think M$ past and present
    > security issues speak volumes!!!

    I've not seen any information from any source that indicates there is
    (or even suspects) that there is a problem with the MS implementation.
    Just about every firewall appliance vendor provides VPN client software
    for their appliances, many of them come with X number of free licenses
    with the initial purchase of the firewall.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  16. Archived from groups: comp.security.firewalls (More info?)

    >
    > I've not seen any information from any source that indicates there is
    > (or even suspects) that there is a problem with the MS implementation.


    how bout these...Results 11 - 20 of about 71,500 for microsoft vpn
    vulnerabilities. i think 71000 hits on the subject just about says it all...

    http://www.trusecure.com/knowledge/hype/20040210_ms.shtml

    http://www.zdnet.com.au/news/security/0,2000061744,20268612,00.htm

    http://www.microsoft.com/technet/security/bulletin/ms98-012.mspx
  17. Archived from groups: comp.security.firewalls (More info?)

    On Wed, 14 Apr 2004 20:01:15 -0400, "Hugo Drax"
    <hugodrax@draxindustries.com> wrote:

    >
    >Have you actually worked on one? Getting one out of the box and getting it
    >working takes about 10-15 minutes tops if you use the built in web based PDM
    >and follow the step by step wizard which has help along the way. pretty
    >foolproof.
    >

    Oh, I agree. But since when did you just want to use the wizard on a
    Cisco product? It can do so much more.

    A Sonicwall is truly WYSIWYG. There's nuthin' more under the hood.

    -Robert
  18. Archived from groups: comp.security.firewalls (More info?)

    In article <107t2v4j95h2n4b@news.supernews.com>, spamme@mah0ney.com
    says...
    > > I've not seen any information from any source that indicates there is
    > > (or even suspects) that there is a problem with the MS implementation.

    >
    > how bout these...Results 11 - 20 of about 71,500 for microsoft vpn
    > vulnerabilities. i think 71000 hits on the subject just about says it all...
    >
    > http://www.trusecure.com/knowledge/hype/20040210_ms.shtml
    >
    > http://www.zdnet.com.au/news/security/0,2000061744,20268612,00.htm
    >
    > http://www.microsoft.com/technet/security/bulletin/ms98-012.mspx

    Those sites indicate nothing wrong with using MS Software to "Connect"
    to a PPTP server (not running MS PPTP VPN) - meaning that they only talk
    about the MS Server PPTP service and not anything with the MS PPTP
    client used to connect to other PPTP Aware devices.

    Also, the MS article indicates that the hole was patched in 1998.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  19. Archived from groups: comp.security.firewalls (More info?)

    In article <c5l50t$839$1@news-int.gatech.edu>,
    Jason Kau <jkau@vulture.cnd.gatech.edu> wrote:
    >Dave Gresham <gresham@visi.com> wrote:
    >> The Pix's are only packet filters? I would think you would want
    >> some sort of stateful inspection based firewall as Packet Filters
    >> do not understand bidirectional tcp traffic.
    >
    >PIX's are stateful.
    >
    Thats what I thought. I just wanted to make sure ii hadn't moved
    to another planet.
Ask a new question

Read More

Firewalls Security Cisco Networking