Watchguard Firebox 700 vs. Fortigate 100 vs. Netscreen 5GT

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Been a huge Sonicwall user for years now but I'm just tired of the EOL
product....support wise. VPN capabilites was a + versus Watchguard
when we had compared the products as their lower SOHO line did not
require a static IP for the SOHO unit vs Watchguard's Soho6 which did.




Out lease on our products is almost going to expire and it's time for
a technology overhaul. We have alot of SOHO workers and the capability
of a VPN with the SOHO side having a dynamic IP is most common.


How does the current Watchguard line compare to Fortigate 100 &
Netscreens crop of products ?


I am looking at possibly the following


Watchguard X700 / Soho6 TC
Fortigate 100/ Fortigate 50
Netscreen 5GT Extended / Netscreen 5Xt

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <ndrcc0po5m787g6tpt6h4bmafv1voqpu0g@4ax.com>, endor37@skip-
the-spam.hotmail.com says...
[snip]
> How does the current Watchguard line compare to Fortigate 100 &
> Netscreens crop of products ?
>
> I am looking at possibly the following
>
> Watchguard X700 / Soho6 TC
> Fortigate 100/ Fortigate 50
> Netscreen 5GT Extended / Netscreen 5Xt

Since we don't know your needs, network, traffic patterns, public
access, infrastructure, it's hard to tell you which would be best.

What do you do with your network?
How many nodes behind the firewall?
How many public IP?
How many VPN tunnels for remote users at one time?
How many fixed IPSec tunnels between locations?
How many/what type of public servers?

My first suggestion would be to skip the SOHO6tc, I don't like the
restrictions on included IP, VPN clients not included, and logging is
not part of the base package. The 700 and 1000 are great units and offer
everything most offices could need.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

We have 2 office with another one opening up.
Approx 30 remote employees thus the need for a good SOHO firewall that
works well with the *office firewall*.

When we compared the Sonicwall to Watchguard line, we really like the
Fireboxes at that time but the issue of Soho 6's requiring a static IP
to establish a VPN tunnel was a huge issue....as most remote workers
generally have a dynamic IP.


We have about50 nodes behind Firewall 1 and 20 nodes behind Firewall
2. Only 2 Public IP - none on a DMZ. One box running Exchange 2003 and
another serving WWW/FTP.

I expect in the next 5 years we should be up to 5-7 offices. Ease of
use would be ideal. The nice thing about the Sonicwall is that I can
walk anyone over the phone to administer it since the *GUI* is
universal up until the SONICOS series.....


On Wed, 09 Jun 2004 02:15:07 GMT, Leythos <void@nowhere.com> wrote:

>In article <ndrcc0po5m787g6tpt6h4bmafv1voqpu0g@4ax.com>, endor37@skip-
>the-spam.hotmail.com says...
>[snip]
>> How does the current Watchguard line compare to Fortigate 100 &
>> Netscreens crop of products ?
>>
>> I am looking at possibly the following
>>
>> Watchguard X700 / Soho6 TC
>> Fortigate 100/ Fortigate 50
>> Netscreen 5GT Extended / Netscreen 5Xt
>
>Since we don't know your needs, network, traffic patterns, public
>access, infrastructure, it's hard to tell you which would be best.
>
>What do you do with your network?
>How many nodes behind the firewall?
>How many public IP?
>How many VPN tunnels for remote users at one time?
>How many fixed IPSec tunnels between locations?
>How many/what type of public servers?
>
>My first suggestion would be to skip the SOHO6tc, I don't like the
>restrictions on included IP, VPN clients not included, and logging is
>not part of the base package. The 700 and 1000 are great units and offer
>everything most offices could need.
>
>
>--

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

I just got a WG Firebox III Soho 6 and have had it for a couple of weeks. I
have to say WG Tech Support has gone out of its in helping the newbie.

Duane

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

In article <7uucc0liuf31toeqlkf1raujgaea2va1ta@4ax.com>, endor37@skip-
the-spam.hotmail.com says...
> We have 2 office with another one opening up.
> Approx 30 remote employees thus the need for a good SOHO firewall that
> works well with the *office firewall*.

Do you want the remote employees to use a device so that it maintains an
always-connected tunnel to your office, or do you want them to use VPN
client software to connect to the office? I would suggest that you don't
allow 30 remote employees to connect directly from a device on their
home network, unless you own the connection and the device/PC also -
there are way to many problems with an always-connected connection when
home users are doing other things.

In many cases, a simple implementation of PPTP client connections are
secure and easy to setup on about any platform - the WG units provide a
free PPTP interface that you can configure and manage. The 1000 series
comes with 50 MUVPN client licenses if I remember correctly - that would
be the best client VPN option.

If you go with the SOHO line, you will need the SOHO6TC, and once the
tunnel is up you can administer it from your end.

>
> When we compared the Sonicwall to Watchguard line, we really like the
> Fireboxes at that time but the issue of Soho 6's requiring a static IP
> to establish a VPN tunnel was a huge issue....as most remote workers
> generally have a dynamic IP.

You will have to check, but I think that the SOHO6tc can do a tunnel
with a Dynamic IP, but you should not be doing an appliance for Dynamic
users - assuming home users, they should be using the Client VPN
software so that their machines are restricted to the tunnel when they
are online with the office. You don't really want them surfing,
downloading pirated music, getting their personal email, etc.. while
also connected to the VPN.

> We have about50 nodes behind Firewall 1 and 20 nodes behind Firewall
> 2. Only 2 Public IP - none on a DMZ. One box running Exchange 2003 and
> another serving WWW/FTP.
>
> I expect in the next 5 years we should be up to 5-7 offices. Ease of
> use would be ideal. The nice thing about the Sonicwall is that I can
> walk anyone over the phone to administer it since the *GUI* is
> universal up until the SONICOS series.....

I would get a FB 1000, put the servers in the public servers in the DMZ
and then create an ANY rule that lets LAN users reach the DMZ (not an
ideal method, but easy enough). If you want to make it really secure,
don't let the 2003/www/ftp servers be part of the AD structure in the
DMS - means everyone has two accounts/passwords to remember, but if one
gets hacked the other is not compromised by default. The 1000 series
comes with 50 MUVPN (mobile user VPN) licenses, but check first).


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)