dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9280
share rss forum feed


Gork
Ou812ic

join:2001-10-06
Bountiful, UT
reply to JPedroT

Re: 2013 USG SHOULD ADD FUNCTIONALITY

heh -- Perhaps...

Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..
reply to Anav
At the other extreme from free grass, but close to "free" Linux, is the object of this paper, which probably could perform AV and IDP at FTTH bandwidth rates. (Well written, but in case you don't have time to read it due to urgent grass sales, it is about using an nVidia GPU and other COTS parts to build a 40 GbE router. Power drain is a bit higher than a USG 50, however.)

»www.ndsl.kaist.edu/~kyoungsoo/pa···ader.pdf

kirby


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to JPedroT
said by JPedroT:

said by Gork:

I wish I could do and had your job.

Its not hard just go outside, pick up a blade of grass or anthing else thats is free for you to aquire and just sell it

Now you are competing with bbarrera

I think your getting mixed up with a different type of plant. Smoke the android pipe!
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
reply to mozerd
said by mozerd:

»www.cisco.com/en/US/prod/collate···997.html
I'm impressed with the ISA570

Got the ISA570 .... installed in 20 user office and I can state that this unit PERFORMS with all UTM services online .... no one is complaining of any speed issues in this very busy office from a computing perspective.

A superb value proposition at $734.75 [ISA570-BUN3-K9] from PROVANTAGE that includes 3 years subscription to ALL 8 UTM services.

Take Note:
Q. Do I need to buy a separate license to use security subscription services?

A. Cisco ISA500 comes standard with both hardware and UTM security services. Customers do not need to purchase a separate license for the security services.

The ISA570-BUN3-K9 bundle makes the USG 300 look a very sick puppy.

Am I impressed ---- You better believe it.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

lorennerol
Premium
join:2003-10-29
Seattle, WA
What's the annual maintenance/support contract cost? That has to be considered from a TCO standpoint.


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

1 edit

1 recommendation

$70 for 3 year contract under the CISCO package called
CON-SBS-SVC2

This includes Phone or Online support and Firmware updates.
[edit] Also includes next day box replacement if the box fails.

Very CHEAP.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

lorennerol
Premium
join:2003-10-29
Seattle, WA

1 recommendation

said by mozerd:

$70 for 3 year contract under the CISCO package called
CON-SBS-SVC2

This includes Phone or Online support and Firmware updates.

Very CHEAP.

Not as inexpensive as free, though.

I have a philosophical issue with the policy of requiring a service contract to obtain fixes for security and stability defects.


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

1 recommendation

$23 per year is not free agree but still CHEAP for a CISCO box. Plus the ISA570 has features and capabilities that FAR exceed the USG stuff -- LOOK it up for your self and DROOL. AND the CISCO documentation is written in understandable ENGLISH.

Kirby Smith

join:2001-01-26
Derry, NH
Agree service contract cost is in the noise for a business.

Q. But how CHEAP is the renewal after three years?

Q. Is the CLI fairly standard by CISCO standards (sorry), or different, or not accessible?

kirby

lorennerol
Premium
join:2003-10-29
Seattle, WA

1 recommendation

reply to mozerd
The specs look impressive:

Stateful Packet Inspection Throughput: 500 Mbps
Maximum Connections: 40,000
Sessions Per Second (cps) : 3000
IPS Throughput: 90Mbps
AV Throughput: 80 Mbps
UTM Throughput: 75 Mbps
IPsec VPN Throughput (Data Encryption Standard [DES] / Triple DES [3DES] / Advanced Encryption Standard [AES]):130 Mbps
IPsec VPN Site-to-Site Tunnels: 100
IPsec VPN Remote Access Tunnels: 75

Especially after being told by ZyXEL support that the USG100 maxes out at 5 mbit throughput over an IPsec VPN.

Still would like to see real-world tests. As we've seen with ZyXEL the published speeds are often best-case scenarios that don't reflect what happens on typical networks.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
What is the cost of subscription services after the initial 3 years????

Kirby Smith

join:2001-01-26
Derry, NH
reply to Anav
Some who have visited this forum would be happy that it also includes uPnP. Others, probably not.

kirby


bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1
reply to JPedroT
said by JPedroT:

said by Gork:

I wish I could do and had your job.

Its not hard just go outside, pick up a blade of grass or anthing else thats is free for you to aquire and just sell it

Now you are competing with bbarrera

Haha, LOL, its like selling ice to eskimos. Do you want your ice cubed, half-cubed, chewable, shaved, flake, or nugget? Don't waste your time making and shaping ice when you could be out hunting walrus, beluga whale, seal, caribou, musk ox, and fish!


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
You dont have me fooled while some are making ice, and the others hunting, admit it you would prefer to be making out with the Inuit women. ;-P

Kirby Smith

join:2001-01-26
Derry, NH
This forum is definitely better than TV.


bbarrera
Premium,MVM
join:2000-10-23
Sacramento, CA
kudos:1
reply to Anav
I'm heating things up back in the igloo to raise temps and melt the ice, so I can sell more!!! (roll the evil genius laugh)

JPedroT

join:2005-02-18
kudos:1
said by bbarrera:

I'm heating things up back in the igloo to raise temps and melt the ice, so I can sell more!!! (roll the evil genius laugh)

I got a patent on raising temps by human interaction, I'll see you in East Texas my friend!
--
"Perl is executable line noise, Python is executable pseudo-code."


Gork
Ou812ic

join:2001-10-06
Bountiful, UT

1 recommendation

reply to mozerd
said by mozerd:

this unit PERFORMS

/drool

I just want something that WORKS AS ADVERTISED. I'm tired of dealing with buggy hardware and software because I'm trying to get as much bang for the buck as possible. I just may make upgrading to a Cisco router a priority at some point. $800ish for my little network at home? SILLY! But at least it would work properly...

JPedroT

join:2005-02-18
kudos:1
said by Gork:

said by mozerd:

this unit PERFORMS

/drool

I just want something that WORKS AS ADVERTISED. I'm tired of dealing with buggy hardware and software because I'm trying to get as much bang for the buck as possible. I just may make upgrading to a Cisco router a priority at some point. $800ish for my little network at home? SILLY! But at least it would work properly...

Good luck with that, we are talking about software :P
Hopefully the Cisco devices works as advertised and you guys will be happy with the device.

As other has mentioned the license you are paying is basically nothing. I pay more for my personal google app domain per month than $70 USD.
--
"Perl is executable line noise, Python is executable pseudo-code."


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

1 edit
reply to Kirby Smith
said by Kirby Smith:

Q. But how CHEAP is the renewal after three years?
Q. Is the CLI fairly standard by CISCO standards (sorry), or different, or not accessible?

for the 8 UTM services the Renewal is $84 [total] per year or $250 for 3 years. This is remarkably cheaper than the USG license cost which add up to a great deal more. The renewal price depends on how its purchased since CISCO have a MSO way of doing business so the MSO could charge a lot more than what I stated. If you're wondering what MSO stands for --- Multiple Service Operator.
I do not know if CLI is available -- I used the wizards that walk you through each stage of the configuration -- I was surprized how well they work. I did not have much time to experiment or look around.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
reply to lorennerol
said by lorennerol:

Still would like to see real-world tests. As we've seen with ZyXEL the published speeds are often best-case scenarios that don't reflect what happens on typical networks.

Check out the review that SmallNetBuilder did on the ISA500W -- note that its not the ISA570 but will give you some good idea

From my current experience the ISA570 screams PERFORMANCE.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..
reply to Anav
The ISA500 series spec sheet (.pdf), accessible from the Q&A link provided a few pages back, reveals that the specified full UTM bandwidth is two-way. (I don't understand how all UTM services apply to two-way traffic. What applicability would IDP have for outgoing messages? Maybe relevant to LAN to LAN traffic. There is a standard for this test so I imagine if I really want to understand it I'll have to read a copy.)

kirby

JPedroT

join:2005-02-18
kudos:1
said by Kirby Smith:

The ISA500 series spec sheet (.pdf), accessible from the Q&A link provided a few pages back, reveals that the specified full UTM bandwidth is two-way. (I don't understand how all UTM services apply to two-way traffic. What applicability would IDP have for outgoing messages? Maybe relevant to LAN to LAN traffic. There is a standard for this test so I imagine if I really want to understand it I'll have to read a copy.)

kirby

The standard is get as high value as possible.
--
"Perl is executable line noise, Python is executable pseudo-code."


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
So basically divide their marketing numbers by 2?

JPedroT

join:2005-02-18
kudos:1
said by Anav:

So basically divide their marketing numbers by 2?

Depends on a lot of things, you need to look at how they benchmark.
For instance most throughput is benchmarked at L2 and not L3 for instance.
And do they turn on all services and use all services at the same time? Or just 1 and 1 service at the time.
--
"Perl is executable line noise, Python is executable pseudo-code."


superataru

join:2004-12-07
Kearny, NJ

1 recommendation

reply to Anav
Hi all.
I lost myself in these thousands of comments. My humble opinion is that ZyXEL has a nice performance/cost ratio. Some bugs or limits have (still) to be fized / overcome, but are very nice devices. At the moment, the max number of users connected to a device, for me has been 50 users/hosts and 25 concurrent VPN tunnels, and had not particular problems, if not due to some errors made by Application Patrol (i hope God fires ultrasurf check...) and low BW available from ISP (here, real 20Mbps are a nice dream ...).
Cisco devices are very nice, but too expensive, and to reach a way to buy them, you must go trough the Lord of the Rings' Hall ( ). I like very much switches, i used for CCNA security, but with the value of a switch 36XX i can buy ~ 2 USG300 and 4 ZyXEL 24p-giga. LOL
I am looking for Clavister too (»www.clavister.com/products/), that has so nice devices, and a very granular settings. ZyXEL---Clavister are fully compatible. Actually my home is behind an Clavister SG50.

Going back to things should be added to USGs .....

A larger mumber of customized trunks, as they are too few. If i got two BB connections, for example, i need (active - passive) AA, AP, PA and this for outbound, inbound, outbound+inbound: so, at least 9 different trunks. Not just 5.


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

1 recommendation

said by superataru:

Cisco devices are very nice, but too expensive, and to reach a way to buy them, you must go trough the Lord of the Rings' Hall ( )

In North America the Value Proposition in now in favour of the CISCO ISA570 big time--
plus the CISCO gear works out of the box for every service it offers ---IPv6 no problemo, SSL no problemo, VPN a piece of cake, wizards work really well much to my surprise. ZONES are a pleasure to work with, VLAN's much easier to configure and a UTM performance that is simply outstanding --- Only downside is I need to get my hands on another one to see if its got a CLI
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..

1 recommendation

mozerd:

I would suggest spending time (which I haven't lately) at CISCO's help forum before declaring that everything works in the ISA570. I believe that everything worked for you that needed to work for you.

»supportforums.cisco.com/communit···/routers

While the ISA570 forum traffic, presently limited due to its recent introduction, may never reach the crescendo of RV042/082 traffic, I doubt that CISCO has produced in the ISA570 a router that will never need alteration. It may be fair to say that at its introduction it was more mature than the USG.

kirby


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

1 recommendation

reply to Anav
What I want to know is if anyone has setup SSL VPN to work for a remote user to access resources behind the Router. It seems in various threads it only allows the admin to access the network which is breast useless.


idolclub

join:2003-12-24

1 recommendation

reply to Anav
Another choice: Fortinet FortiGate-60D Network Security Appliances

Product Name: FortiGate-60D
Firewall Throughput 1518 Bytes: 1.5 Gbps
Firewall Throughput 512 Bytes: 1.5 Gbps
Firewall Throughput 64 Bytes: 1.5 Gbps
Firewall Max Concurrent Session: 500 K
Firewall New Sessions per second: 3,200
IPS Throughput: 200 Mbps
SSL-VPN Throughput: 30 Mbps
IPSec VPN Throughput 512 Byte Packet: 1 Gbps
Antivirus Throughput (Proxy): 35 Mbps
Antivirus Throughput (Flow): 50 Mbps
Total Network Interfaces: 7 x 10/100/1000 RJ45 Internal Ports, 2 x 10/100/1000 RJ45 WAN Ports, 1 x 10/100/1000 RJ45 DMZ Port

Only $513 from Amazon
»www.amazon.com/Fortinet-FortiGat···gate+60d