
Ult join:2000-08-01 Arlington, VA
reply to sushid
Re: Sonicwall / Netscreen / Cisco / other?
Okay, someone was asking what's the difference between the Netscreen 5XP and 5XT as well as its comparative differences between other devices. So I thought I'd pipe in.
The 5XP has 2 interfaces : untrust (outside) and trust (inside). It has a really small footprint (size of a small paperback book?)
The 5XT has 5 interfaces : untrust (outside) and trust (inside) but the trusted interface actually has 4 ports (10/100). It also has more onboard memory and has the ability to dial into an ISP if the main link goes down. (dial up backup). Other items include greater overall throughput (70Mbps vs 20Mbps), a little bit wider, 3.5x the performance of the 5XP, etc. By the way, the PIX 501 runs at max of 10Mbps. Don't get confused with these numbers as they don't mean as much as they sound because most people's broadband isn't greater than what... say 1.5Mbps?
As for how it compares to other devices, it's an extraordinarily powerful box in that it has the performance to match the lower end Cisco PIXs, has the GUI to match Watchguard and Checkpoint, and my favorite is it has onboard IDS sensors (so if someone does a ping sweep or searches for open ports it'll notify you) by emailing a log to any email address you want. (inclusive of SNMP or SYSLOG notifications as well).
Having said that, it's a pricey penny. I think there's a 10 user unit for around SushiD's price point. It's not really meant for mom/pops. It's mainly designed for those who can take advantage of its flexibility.
SushiD, you also mentioned bandwidth mgmt. It has that as well. (ie: throttle WEB traffic to x packets/sec) and it can make pretty little traffic graphs for upper management. However, consider using MRTG instead.
However, these two units don't, as far as I know, offer a DMZ port.
As for the PIX 501, b/c it's based on the PIX platform, it's highly flexible and powerful, but ya gotta know the CLI very well. Changes are not pretty as you need to know the commands and understand how to build ACLs. Not a big deal, but if your requirement is to click here and there and be done with it in order to make a change - it ain't gonna cut it. (its web interface is 1st generation, vs a more intuitive interface of Watchguard, Netscreen, Sonicwall, and all the rest). Don't get me wrong, I love the PIX, but it has a learning curve.
phew....
[text was edited by author 2002-12-11 23:41:53]

sushid join:2002-10-31 Arlington Heights, IL
Thanks, Ult, for the info! I have actually figured out the obvious differences between the XP and XT, I was wondering if there were unobvious ones.
BTW, I read an independent evaluation of the Netscreen-5XP and other, SERIOUS players (e.g. a $14,000 Cisco), and the 5XP came in only SECOND in throughput for encryption and bandwidth management. I was impressed.
said by Ult:
(Netscreen) has the GUI to match watchguard and checkpoint, and my favorite is it has onboard IDS sensors (so if someone does a ping sweep or searches for open ports it'll notify you)
I liked the Netscreen GUI at first, too -- then I saw SonicWall's which seemed even *more* intuitive.
Also, can the Netscreen do any kind of ONBOARD content filtering or replacement -- e.g. stream re-write, blocking based on keyword or URL, etc. -- without requiring an external server like NetSense? Sonicwall's can be seen at the management interface www.sonicguard.com/products/demo/index.html , click "Filter," then "Keywords".
I think both Netscreen and Sonicwall have the same IDS and reporting abilities -- can anyone confirm / deny?
quote:
However, these two units don't, as far as I know, offer a DMZ port.
As for the PIX 501, b/c it's based on the PIX platform, it's highly flexible and powerful, but ya gotta know the CLI very well.
I understand that neither have a DMZ port, and that with neither would I get a *true* DMZ... I'd like to be able to put a server in the LAN and know that people can get through to it as necessary without putting the other LAN boxes at risk, however. Sonicwall seems to offer that thru the "LAN out" option, though (in the management interface, click "Tools".)
I think you've nailed it against Cisco for me. Just about everyone -- even Cisco aficionados -- has said what you've said. I get the message.
Thanks for the long note, Ult. Any info on the Netscreen in the areas I've indicated would be appreciated. (At least I understand what Sonicwall offers, now!)
BTW, I just realized it might look like I'm trolling for Sonicwall or SonicGuard sales...nope. Just a confused consumer wishing he didn't have to register at a website just to see an interface, and that these manufacturers could provide more than "datasheets for dummies." 
[text was edited by author 2002-12-12 23:42:30]