Q: According to the ISA server spec sheet looks a lot more to offer than the hardware-based firewall counterpart.
I wonder if any of you have used this software in a large production area networks? If you have, how are you?
I like a little research on software firewalls in large enterprises.
Thanks
Next Generation Network Marketing Handbook
Re:guy, a firewall is a trusted component in your network. You are trusting it to enforce a certain policy with respect to traffic through it – that is, provide no more or less service than you specify. A key question to ask about any firewall is: can you trust it? Formally speaking, the answer for all firewall products is no, but informally speaking, it comes down to the confidence level you have in the vendor and the product, which in turn often comes down to reputation.
What's Microsoft's reputation on security? Abysmal.
Cisco's? Okay.
SonicWall's? Okay. Not as well proven as Cisco.
I will never willingly put Microsoft anything into my network. I can't trust it. It's a security disaster. It's a reliability disaster. Been there, done that, been burned, ain't going back.
Cisco isn't perfect, but they're very widely deployed and reasonably good about responding to security problems fast. A lot of people whose opinions I trust and my own operational experience is that Cisco's equipment can be made to work well enough.
SonicWALL has a more limited user base than Cisco and is therefore less proven. From what I've seen and read, they seem on par with Cisco in terms of trustworthiness, maybe slightly below because of who uses/tests Cisco PIX vs. SonicWALL (there are many PIX customers who are very hard core about lab testing and won't buy until issues are fixed – that forces Cisco to improve the quality of their product).
If it were me picking, I'd pick PIX, no question.
guy, the PIX line runs its own OS, which has a vaguely IOS-like CLI grafted on it.
Use Microsoft Office 2007 like a Pro!
Re:One thing with sotware firewall is that its OS vulnerability can be a big problem. Other than that though, normally software firewall actually provide better features than the hardware firewall counterparts.
So called "hardware" firewalls have an OS too, infact most of the bigger Cisco ones run IOS on older Pentium hardware because it's cheap and fast. You have to be just as dilligent about security, but in general there's less software available so there's less things to go wrong. I mean why in the hell would you want a copy of IE on your firewall?
Home Automation & Networking eBook
Re:There are actually a lot of things you can do with a PIX, and most likely a SonicWall that aren't real obvious when looking at the product specs.
The reason for this is that a lot of funtionality isn't integrated as closely with the hardware firewalls, making you do a bit more work in order to expose it.
In example, ISA makes it really easy to enable user-based access to the web as well as user based logging. It's simple because it's just another Windows box accessing your domain.
On the other hand, with a PIX, you can enable the same sort of thing, but you'll have to set up external software on a Windows/UNIX box to do the user authentication and logging by attaching to the PIX to get information from it.
I'm sure that you can do anything with a PIX or a Sonicwall that you can do with ISA, it just might not be as easy/obvious.
Extra Strength Social Networking – Sale Price
Re:One thing with sotware firewall is that its OS vulnerability can be a big problem. Other than that though, normally software firewall actually provide better features than the hardware firewall counterparts.
Digital Product Creators
Re:I will always go with a hardware firewall over a "software" firewall because of the hardened hardware factor, at least in an enterprise environment…just my opinion though.
0 Comments.