
cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to macallah

Re: What to get for the house

That's exactly what they'll do... build their own. Cisco/Juniper gear is Enterprise Class hardware with an Enterprise Class price tag. While I use Cisco (and Sun) gear at home, all of it is ancient.

You aren't going to get 100M+ speeds with services (esp. IPS/IDS) on a Cisco router -- for less than 5 figures. They simply aren't designed for that. That's the market for dedicated firewalls -- 5510 and above with an SSM to do full traffic inspection.

For the money... build it yourself. Any linux/*bsd box can do it with ease. ('tho full gig will take a bit more power, but even an old P4 should handle it.) However, this is trading money for effort.


Da Geek Kid

join:2003-10-11
::1
kudos:1
I highly agree. I use »www.smoothwall.org/ which is very capable of pushing those speeds and more...

aryoba
Premium,MVM
join:2002-08-22
kudos:6

1 recommendation

reply to cramer
said by cramer:

You aren't going to get 100M+ speeds with services (esp. IPS/IDS) on a Cisco router -- for less than 5 figures. They simply aren't designed for that. That's the market for dedicated firewalls -- 5510 and above with an SSM to do full traffic inspection.

A Juniper SRX 100 costs significantly less than 1K and is able to push 700 Mbps firewall traffic throughput. A Cisco ASA 5505 (comparable in price to the SRX 100) is only able to push up to 150 Mbps. These numbers came from their websites.

»www.juniper.net/us/en/local/pdf/ ··· 1-en.pdf
»www.cisco.com/en/US/prod/collate ··· 0c5.html

We did some internal testing between Juniper SRX and Cisco ASA where the ASA took significant load with IPS work while the SRX did not even blip. The choice then was a no-brainer.

So with the right solution, you could get a decent firewall for less than 5 figures.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
Indeed. And none of those are Cisco ROUTERS. The 5505 is a tiny, underpowered (cheap) SOHO device. Powered by a 500MHz GEODE, it's not designed for IPS -- there's an SSM for that, but it's WAY expensive. Plus, the 5505 only has 100meg interfaces, so 150Mbps is sufficient.

Gig speeds means much more expensive Cisco kit, or looking at non-Cisco stuff. Cisco is shooting themselves in the foot here, but they have so many cooks in so many kitchens they don't know where they are or need to be.


Da Geek Kid

join:2003-10-11
::1
kudos:1
welcome to walmart forum folks...

aryoba
Premium,MVM
join:2002-08-22
kudos:6
reply to cramer
said by cramer:

Gig speeds means much more expensive Cisco kit, or looking at non-Cisco stuff. Cisco is shooting themselves in the foot here, but they have so many cooks in so many kitchens they don't know where they are or need to be.

There are a lot of companies that feel comfortable only when they deal with Cisco equipment, either because Cisco is the only standard network gear of the company, because the company consists of engineers and managers that only know "the Cisco way", or because of Cisco brand marketing. In some ways, Cisco counts on these companies to keep buying Cisco and only Cisco, though Cisco has been competing head-to-head with Juniper, especially when Cisco lost a contract to Juniper with one of Cisco's giant customers.