The best firewall is ....

Specifications

Product/Model SG710 FortiGate 200A ISG1000 Brick 150
Company Cyberguard Fortinet Juniper Networks Lucent Technologies
Phone 07 3435 2888 02 8923 2555 02 8913 9800 02 9491 6500
Web Site www.cyberguard.com www.fortinet.com www.juniper.net www.lucent.com/security
Price (as tested) AU$4490 AU$12,580 AU$33,000 AU$3113
Product price range AU$499 - $6250 AU$1000 - $100,000 N/A AU$1868 - $3113
Warranty 1 year 1 year 1 year 1 year
E-mail support 24 hours 24 hours Web support available  
Phone support Business hours $743 for 8 x 5 Phone support available  
Form factor 483 rackmount 44 x 432 x 270 13 x 44 x 58 45 x 279 x 182
Security certifications ICSA, VPNC Conformance and Interoperability AV, VPN, Firewall & IDS/IDP FCC class A, CE class A,
C-Tick, VCCI class A		 ICSA V4.0 Firewall Certified , ICSA V1.0B IPSec Certified
Number of user configurable Ethernet ports 4 network segments (2 x 4 port switches. All 10/100) 5 4 fixed 10/100/1000 4 10/100 Base-TX Ethernet Ports
Number of fixed Ethernet ports trusted Untrusted, trusted or DMZs configurable configurable configurable
Number of fixed Ethernet ports untrusted Untrusted, trusted or DMZs configurable configurable configurable
Number of fixed Ethernet ports DMZ Untrusted, trusted or DMZs configurable configurable configurable
Other ports Serial port for config or dial out for back up internet 1 x Console + 2 x USB Console / Modem SVGA video, DB9 serial, Parellel, 2 x USB
Network Address Translation Yes Yes Yes Yes
Packet filtering Yes Yes Yes Yes
Stateful inspection Yes Yes Yes Yes
Application proxy No Yes No Yes
Policy based traffic routing Yes Yes Yes Yes
QoS support Yes Yes Yes Yes
VLAN support Yes Yes Yes Yes
Max. port throughput while firewalling (Mb/sec) 300 150 WireSpeed to device maximum 334
Max. sessions TCP 100,000 and UDP 150,000 400,000 250,000 245,000
Monitoring methods Web, CMS, SNMP Fortimanager appliance CMS, Web client SNMP, Console, Telnet, SSH, SYSLOG, CMS Via Security Management Server Navigator and Remote Navigator
Reporting methods SNMP, Syslog, SMTP Fortilog, Syslog, SNMP, WELF SNMP, Console, Telnet, SSH, SYSLOG, Security Manager SNMP, Syslog, SMTP, direct page, console message
Management method(s) HTTP, HTTPS, telnet, SSH, CMS Fortimanager appliance, SSL, SSH. SNMP, Console, Telnet, SSH, HTTP, SSL, Security Manager Management Server, Remote Navigator, LSMS CLI
VPN support Yes Yes Yes Yes
VPN encryption DES, 3DES, AES PPTP, L2TP, IPSec, DES, 3DES, AES DES, 3DES, AES DES, 3DES, AES
VPN DES speed (Mb/sec) 42 N/A 1Gbps 150
VPN 3DES speed (Mb/sec) 42 70 1Gbps 150
VPN AES speed (Mb/sec) 42 N/A 1Gbps N/A
Other option(s) Snort IDS, Squid Proxy/cache, NASL, failover, Clam AV, Mailshell AS and HA IDS/IDP, Antivirus, Dynamic Routing (Rip, OSPF, BGP), Anti-spam, Content Filtering, Traffic Shaping, Diffserv, IDP optional, Deep inspection included IDS/IPS, others via Lucent Proxy Agent are Anti-Virus, Content/URL filtering

 

FVX538 RM-300 PRO 5060c SGS 5420 Firebox X1000
Netgear Network Box SonicWALL Symantec WatchGuard
1800 502 061 1800 638 269 02 9006 7914 02 8879 1041 02 8912 2199
www.netgear.com.au www.network-box.com.au www.sonicwall.com www.symantec.com www.watchguard.com
$879 $15,840 $18,849 $6600 - $11,000 $5885
  $6325 upwards $18,849 - $21,420   $12,100 - $31,020
3 years Full replacement for length of service contract. 1 year 3 year 1 year
24 hours 8 x 5 Web Included in managed service Free 2 incidents, 5 more when you renew contract
24 x 7, free Included in managed service. Included in managed service. Platinum - one year $800-1100 2 incidents, 5 more when you renew contract
44 x 330 x 203 2U Rackmount 445 x 431 x 412 445 x 438 x 438 45 x 426 x 240
Radius client/ Groups and Hosts N/A - Managed service. ICSA Firewall, ICSA VPN, FIPS ELA4 Plus Augumented ISCA Firewall and Ipsec Certified
8 4 to 13 6 6 6
8 configurable configurable 5 1 initially, but user configurable
8 configurable configurable 1 to 5 configurable 1 initially, but user configurable
1 configurable configurable 1 to 5 configurable 1 initially, but user configurable
Console N/A Console USB, serial port console port
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes No Yes Yes
Yes Yes Yes Yes Yes
Yes Yes Yes limited Yes
No Yes Yes Available with V3 Code No
90 95 1000 200 240
200 Simulataneous VPN Tunnels 600,000 750,000 Concurrent Connections 64000 200,000 Sessions
Web, Hypertrm Web-based reporting and centralised monitoring - managed service. Web, e-mail notification, GMS, Viewpoint Web Based SSL Java Client, Client App
SNMP, Web-based, SMTP syslog, SNMP, SMTP Internal logging, Extended SSL, SESA. SNMP, Syslog, SMTP, windows popup
Web, Hyperterminal Centralised management HTTP, HTTPS, GMS Web Based SSL Java Client Client App
Yes Yes Yes Yes  
3DES, AES IPsec, L2TP, PPTP, GRE, DES, 3DES, AES, CAST, Blowfish, Serpent, Twofish. DES, 3DES, AES AES, 3DES, DES, IPSEC, SHA1, MD5 DES, 3DES, AES
80 82 500 140 100
80 82 500 90 100
80 89 500 30 100
Anti-virus (Trend Micro) IDP, anti-virus, SPAM filtering, web content filtering IPS/IDS Gateway Anti-Virus, Anti-Spyware, RBL, Content Filtering AV, IDS, CF,IPS, HA/LB, IDS Gateway Antivirus, IPS, Web filtering
< Prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Next >

Talkback 26 comments

    Checkpoint Anonymous -- 09/08/05

    How can you test all firewalls and leave the marketleader out ? All these are toys ! :)checkpoint rules

    Hardware firewalls Craig Ringer -- 10/08/05

    This review appears limited to dedicated hardware firewalls.

    That's not the extent of the offerings available. In particular, *BSD and Linux have very useful built-in firewalls that can be used to protect a network. You spend more time setting it up, but get more control and pay less for the hardware.

    There are NO such things as Hardware Firewalls Craig S Wright -- 05/09/05 (in reply to #120120028)

    There are NO such things as Hardware Firewalls

    Just pre-packaged boxes. Even the PIX is just an Intel based host with an OS

    Rubbish... Anonymous -- 15/10/05 (in reply to #120120706)

    The Juniper range contain dedicated purpose built chips.

    Hardware Firewalls Donovan Marsden -- 21/05/07 (in reply to #120120706)

    There are such things as hardware firewalls This prepackaged boxes contain firmware (hardware) not software so hardware firewalls refers to media. Not to mention that all it's electronics are dedicated to the firewall job!

    Mr. Craig Wright.... U. R. Stupid -- 14/08/09 (in reply to #120120706)

    .....equates to an idiot!

    ISA Firewall? Anonymous -- 15/08/05

    Excuse me, but where was the ISA firewall in your test? Was there a reason for leaving the ISA firewall out?

    ISA Firewall? Anonymous -- 15/08/05

    Excuse me, but where was the ISA firewall in your test? Was there a reason for leaving the ISA firewall out?

    Talk is only about Hardware firewall. Vijay -- 18/05/07 (in reply to #120120153)

    here the talk is only about the hardware firewall not about the software firewall...

    ISA 2000 till 2006 plays good role in application layer firewalls, when u talk about the hardware level, packet filtering and ip spoofing etc we need to go for hardware based firewall...

    ISA Appliances Gladys I. Rodriguez -- 03/08/07 (in reply to #320079571)

    I think everyone forgets that ISA is also is also sold as an appliance: http://www.microsoft.com/isaserver/howtobuy/hardwaresolutions.mspx, because people say well in runs on top of Windows OS. But Cisco runs on top of their IOS, Juniper has DX OS, WatchGuard has Firebox X, etc. Microsoft just provides the extra control for what type of box the users choose to run their Firewall.

    Why didn't you guys include th ...Anonymous -- 22/08/05

    Why didn't you guys include the Check Point offering in your comparison of Firewall products? They have a very good end to end security offering and they play very hard in the enterprise space (and have also brought the same technology down to the mid tier and SMB products as well)

    Astaro Firewall not listed?! Anonymous -- 29/08/05

    I can't believe you would do a round up with out including Astaro Firewalls in the mix. They are by far the most powerful and flexible for business.

    www.astaro.com

    Cisco Anonymous -- 29/08/05

    WHAT ABOUT CISCO'S PIX???

    No Kickbacks from the Big Guns! Anonymous -- 08/09/05

    noice, no checkpoint, pix nor isa. What creditability does this mag have?

    Software firewall packages Anonymous -- 25/11/05

    would have been nice to see products like smoothwall, included.

    Checkpoint Anonymous -- 09/07/07

    I'm glad some of you are getting Checkpoint to work. I can't get onto the net, firmware upgrades have now prevented me from talking to the firewall. I using a $10 hub, seems to work better. Asking for an RMA right now.

    Sonic What, Watchguard!?!?! Anonymous -- 04/09/07

    Can't believe watchguard was even mentioned this cannot even be compared to the likes of Juniper ISG, Checkpoint and ASA/PIX in a corporate environment.

    AS
    Sell my house
    www.cheshiremoves.com

    Symantec Anonymous -- 11/10/07

    Has anyone ever tried to contact Symantec about the Symantec SGS 5420?

    I've tried many times and no one there knows anything about it - they just transfer me to some guy in an Indian call centre trying to sell me antivirus!!!!!!!!!!!!!!!!!!

    anyone got a real number to call?

    Cheers

    Justin

    Symantec support Anonymous -- 18/02/08 (in reply to #320087646)

    Dont waste your time, they are dropping firewall support in 2009.

    Symantec SGS - What to do with old box? Anonymous -- 27/09/08 (in reply to #320087646)

    We have SGS v3.x appliance which will be retired next year. Is it possible to install some thing like 'Astaro' into the box since Symantec only believes in 'end-point' security?

    no Cisco? Anonymous -- 29/05/08

    there are probably more Cisco firewalls installed in the world than all other brands combined. Not to say Cisco firewalls are the best, but to ignore the biggest player?
    btw, I have ASA 5505 at home, loving it.

    Cisco ASA 5505 Anonymous -- 25/06/08

    Most of us can't afford a $600+ firewall at home.

    Cisco are behind... A. NetworkAdmin -- 09/05/09 (in reply to #320104946)

    Cisco waited too long to re-code their IOS to support deep packet inspection (all 7 layers) and left other players take the lead in the market. This doesn't mean you should get rid of your faithfull PIX, but if a PIX was to break (which is not often), I would shop for another brand. If the criterias of the survey is that they must have DPI, then Cisco is behind in the race.

    Good Firewall, {The Best} Pat Cormier -- 12/10/08

    Why don't someone mention [Sunbelt Kerio Personal Firewall} I've been using it for years, and I find it better than any of the rest.

    Checkpoint - Market Leader Anonymous -- 21/03/09

    I ditto the comments already made. I have worked with no less than ten firewall vendors over the past 15 years for financial and ecommerce firms - yet there was no mention or testing with certain market leading products?

    Checkpoint is the worldwide market leader for enterprise firewalls. They weren't even mentioned? They make both appliance as well as software (for several platforms) so they could have been included in several categories. Cisco PIX was also not mentioned (though while inexpensive is inferior to Juniper and Checkpoint products).

    ISA is not as full-featured as many but since its software only I can see why they didnt test it. Simply put - you will rarely see any of the firewalls they did mention protecting significant assets, for too many reasons to include here.

Add your opinion

Back to top

Featured