The best firewall is ....

Specifications

Product/Model SG710 FortiGate 200A ISG1000 Brick 150
Company Cyberguard Fortinet Juniper Networks Lucent Technologies
Phone 07 3435 2888 02 8923 2555 02 8913 9800 02 9491 6500
Web Site www.cyberguard.com www.fortinet.com www.juniper.net www.lucent.com/security
Price (as tested) AU$4490 AU$12,580 AU$33,000 AU$3113
Product price range AU$499 - $6250 AU$1000 - $100,000 N/A AU$1868 - $3113
Warranty 1 year 1 year 1 year 1 year
E-mail support 24 hours 24 hours Web support available  
Phone support Business hours $743 for 8 x 5 Phone support available  
Form factor 483 rackmount 44 x 432 x 270 13 x 44 x 58 45 x 279 x 182
Security certifications ICSA, VPNC Conformance and Interoperability AV, VPN, Firewall & IDS/IDP FCC class A, CE class A,
C-Tick, VCCI class A		 ICSA V4.0 Firewall Certified , ICSA V1.0B IPSec Certified
Number of user configurable Ethernet ports 4 network segments (2 x 4 port switches. All 10/100) 5 4 fixed 10/100/1000 4 10/100 Base-TX Ethernet Ports
Number of fixed Ethernet ports trusted Untrusted, trusted or DMZs configurable configurable configurable
Number of fixed Ethernet ports untrusted Untrusted, trusted or DMZs configurable configurable configurable
Number of fixed Ethernet ports DMZ Untrusted, trusted or DMZs configurable configurable configurable
Other ports Serial port for config or dial out for back up internet 1 x Console + 2 x USB Console / Modem SVGA video, DB9 serial, Parellel, 2 x USB
Network Address Translation Yes Yes Yes Yes
Packet filtering Yes Yes Yes Yes
Stateful inspection Yes Yes Yes Yes
Application proxy No Yes No Yes
Policy based traffic routing Yes Yes Yes Yes
QoS support Yes Yes Yes Yes
VLAN support Yes Yes Yes Yes
Max. port throughput while firewalling (Mb/sec) 300 150 WireSpeed to device maximum 334
Max. sessions TCP 100,000 and UDP 150,000 400,000 250,000 245,000
Monitoring methods Web, CMS, SNMP Fortimanager appliance CMS, Web client SNMP, Console, Telnet, SSH, SYSLOG, CMS Via Security Management Server Navigator and Remote Navigator
Reporting methods SNMP, Syslog, SMTP Fortilog, Syslog, SNMP, WELF SNMP, Console, Telnet, SSH, SYSLOG, Security Manager SNMP, Syslog, SMTP, direct page, console message
Management method(s) HTTP, HTTPS, telnet, SSH, CMS Fortimanager appliance, SSL, SSH. SNMP, Console, Telnet, SSH, HTTP, SSL, Security Manager Management Server, Remote Navigator, LSMS CLI
VPN support Yes Yes Yes Yes
VPN encryption DES, 3DES, AES PPTP, L2TP, IPSec, DES, 3DES, AES DES, 3DES, AES DES, 3DES, AES
VPN DES speed (Mb/sec) 42 N/A 1Gbps 150
VPN 3DES speed (Mb/sec) 42 70 1Gbps 150
VPN AES speed (Mb/sec) 42 N/A 1Gbps N/A
Other option(s) Snort IDS, Squid Proxy/cache, NASL, failover, Clam AV, Mailshell AS and HA IDS/IDP, Antivirus, Dynamic Routing (Rip, OSPF, BGP), Anti-spam, Content Filtering, Traffic Shaping, Diffserv, IDP optional, Deep inspection included IDS/IPS, others via Lucent Proxy Agent are Anti-Virus, Content/URL filtering

 

FVX538 RM-300 PRO 5060c SGS 5420 Firebox X1000
Netgear Network Box SonicWALL Symantec WatchGuard
1800 502 061 1800 638 269 02 9006 7914 02 8879 1041 02 8912 2199
www.netgear.com.au www.network-box.com.au www.sonicwall.com www.symantec.com www.watchguard.com
$879 $15,840 $18,849 $6600 - $11,000 $5885
  $6325 upwards $18,849 - $21,420   $12,100 - $31,020
3 years Full replacement for length of service contract. 1 year 3 year 1 year
24 hours 8 x 5 Web Included in managed service Free 2 incidents, 5 more when you renew contract
24 x 7, free Included in managed service. Included in managed service. Platinum - one year $800-1100 2 incidents, 5 more when you renew contract
44 x 330 x 203 2U Rackmount 445 x 431 x 412 445 x 438 x 438 45 x 426 x 240
Radius client/ Groups and Hosts N/A - Managed service. ICSA Firewall, ICSA VPN, FIPS ELA4 Plus Augumented ISCA Firewall and Ipsec Certified
8 4 to 13 6 6 6
8 configurable configurable 5 1 initially, but user configurable
8 configurable configurable 1 to 5 configurable 1 initially, but user configurable
1 configurable configurable 1 to 5 configurable 1 initially, but user configurable
Console N/A Console USB, serial port console port
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes
Yes Yes No Yes Yes
Yes Yes Yes Yes Yes
Yes Yes Yes limited Yes
No Yes Yes Available with V3 Code No
90 95 1000 200 240
200 Simulataneous VPN Tunnels 600,000 750,000 Concurrent Connections 64000 200,000 Sessions
Web, Hypertrm Web-based reporting and centralised monitoring - managed service. Web, e-mail notification, GMS, Viewpoint Web Based SSL Java Client, Client App
SNMP, Web-based, SMTP syslog, SNMP, SMTP Internal logging, Extended SSL, SESA. SNMP, Syslog, SMTP, windows popup
Web, Hyperterminal Centralised management HTTP, HTTPS, GMS Web Based SSL Java Client Client App
Yes Yes Yes Yes  
3DES, AES IPsec, L2TP, PPTP, GRE, DES, 3DES, AES, CAST, Blowfish, Serpent, Twofish. DES, 3DES, AES AES, 3DES, DES, IPSEC, SHA1, MD5 DES, 3DES, AES
80 82 500 140 100
80 82 500 90 100
80 89 500 30 100
Anti-virus (Trend Micro) IDP, anti-virus, SPAM filtering, web content filtering IPS/IDS Gateway Anti-Virus, Anti-Spyware, RBL, Content Filtering AV, IDS, CF,IPS, HA/LB, IDS Gateway Antivirus, IPS, Web filtering
< Prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Next >

Like this article? Click below to send it to your mobile for free!

Talkback 22 comments

  1. Checkpoint Anonymous -- 09/08/05

    How can you test all firewalls and leave the marketleader out ? All these are toys ! :)checkpoint rules

  2. Hardware firewalls Craig Ringer -- 10/08/05

    This review appears limited to dedicated hardware firewalls.

    That's not the extent of the offerings available. In particular, *BSD and Linux have very useful built-in firewalls that can be used to protect a network. You spend more time setting it up, but get more control and pay less for the hardware.

    1. There are NO such things as Hardware Firewalls Craig S Wright -- 05/09/05

      There are NO such things as Hardware Firewalls

      Just pre-packaged boxes. Even the PIX is just an Intel based host with an OS

    2. Rubbish... Anonymous -- 15/10/05

      The Juniper range contain dedicated purpose built chips.

    3. Hardware Firewalls Donovan Marsden -- 21/05/07

      There are such things as hardware firewalls This prepackaged boxes contain firmware (hardware) not software so hardware firewalls refers to media. Not to mention that all it's electronics are dedicated to the firewall job!

  3. ISA Firewall? Anonymous -- 15/08/05

    Excuse me, but where was the ISA firewall in your test? Was there a reason for leaving the ISA firewall out?

  4. ISA Firewall? Anonymous -- 15/08/05

    Excuse me, but where was the ISA firewall in your test? Was there a reason for leaving the ISA firewall out?

    1. Talk is only about Hardware firewall. Vijay -- 18/05/07

      here the talk is only about the hardware firewall not about the software firewall...

      ISA 2000 till 2006 plays good role in application layer firewalls, when u talk about the hardware level, packet filtering and ip spoofing etc we need to go for hardware based firewall...

    2. ISA Appliances Gladys I. Rodriguez -- 03/08/07

      I think everyone forgets that ISA is also is also sold as an appliance: http://www.microsoft.com/isaserver/howtobuy/hardwaresolutions.mspx, because people say well in runs on top of Windows OS. But Cisco runs on top of their IOS, Juniper has DX OS, WatchGuard has Firebox X, etc. Microsoft just provides the extra control for what type of box the users choose to run their Firewall.

  5. Why didn't you guys include the Check Point offering in your comparison of Firewall products? They have a very good end to end security offering and they play very hard in the enterprise space (and have also brought the same technology down to the mid tie Anonymous -- 22/08/05

    Why didn't you guys include the Check Point offering in your comparison of Firewall products? They have a very good end to end security offering and they play very hard in the enterprise space (and have also brought the same technology down to the mid tier and SMB products as well)

  6. Astaro Firewall not listed?! Anonymous -- 29/08/05

    I can't believe you would do a round up with out including Astaro Firewalls in the mix. They are by far the most powerful and flexible for business.

    www.astaro.com

  7. Cisco Anonymous -- 29/08/05

    WHAT ABOUT CISCO'S PIX???

  8. No Kickbacks from the Big Guns! Anonymous -- 08/09/05

    noice, no checkpoint, pix nor isa. What creditability does this mag have?

  9. Derek Jolowisz Anonymous -- 29/09/05

    :-)

  10. Software firewall packages Anonymous -- 25/11/05

    would have been nice to see products like smoothwall, included.

  11. Checkpoint Anonymous -- 09/07/07

    I'm glad some of you are getting Checkpoint to work. I can't get onto the net, firmware upgrades have now prevented me from talking to the firewall. I using a $10 hub, seems to work better. Asking for an RMA right now.

  12. Sonic What, Watchguard!?!?! Anonymous -- 04/09/07

    Can't believe watchguard was even mentioned this cannot even be compared to the likes of Juniper ISG, Checkpoint and ASA/PIX in a corporate environment.

    AS
    Sell my house
    www.cheshiremoves.com

  13. Symantec Anonymous -- 11/10/07

    Has anyone ever tried to contact Symantec about the Symantec SGS 5420?

    I've tried many times and no one there knows anything about it - they just transfer me to some guy in an Indian call centre trying to sell me antivirus!!!!!!!!!!!!!!!!!!

    anyone got a real number to call?

    Cheers

    Justin

    1. Symantec support Anonymous -- 18/02/08

      Dont waste your time, they are dropping firewall support in 2009.

    2. Symantec SGS - What to do with old box? Anonymous -- 27/09/08

      We have SGS v3.x appliance which will be retired next year. Is it possible to install some thing like 'Astaro' into the box since Symantec only believes in 'end-point' security?

  14. no Cisco? Anonymous -- 29/05/08

    there are probably more Cisco firewalls installed in the world than all other brands combined. Not to say Cisco firewalls are the best, but to ignore the biggest player?
    btw, I have ASA 5505 at home, loving it.

  15. Cisco ASA 5505 Anonymous -- 25/06/08

    Most of us can't afford a $600+ firewall at home.

Add your opinion


Back to top

Featured