- A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: PIX vs. Netscreen posted 03/25/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Let me turn my badge over and state that is is my opinion and not the
opinion of my employer:

Make sure you read some of those 'shootouts' with a grain of salt...

There are companies in the industry that are known to make the company that
is paying for the test the winner in the results.

I forget who said it... There are 3 kinds of lies: Lies, Damn Lies, and

In other words, check multiple sources and look for packet flows
strangeness... Like how many of your packets are really 64byte packets? How
many are full size? How many are jumbo? What is a 'real world test'?

If you understand your environment and understand the test metrics, it is
easy to see the smoke & mirrors in the test results.


Note: I didn't slam any company out there... I didn't say one was better
than the other... All I said was do your homework before you believe the
test results. I'm not trying to start a war here on the mail list ;)


-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Chris Larson
Sent: Thursday, March 25, 2004 1:16 PM
To: Wright, Jeremy; security@xxxxxxxxxxxxxx
Cc: ccielab@xxxxxxxxxxxxxx
Subject: RE: PIX vs. Netscreen

It has been some time since I have worked with Netscreen, but I have noticed
they continually beat out competition including Cisco in most firewall
"shootouts". I am concerned about Juniper now owning them as Juniper has no
experience in the firewall/security market but that is probably minor... who
The netscreen is gui through a browser, lacks (or did) any good debugging
for troubleshooting but is very simple. If you understand the basics of
firewalling and VPN this is very easy to deploy. At the time Netscreen was
about to introduce the 1000 that was vlan aware. Of course now so is the
FWSM but. I think the netscreen is an excellent and easy to use product for
its pricing that apparently outperforms most other firewalls according to
independant "shootouts".. I would imagine that has to do with the design
around ASICS rather then a processor. Price to performance, you prolly can't
beat it. Feature wise though it may be lacking.... 
Chris #12380

	-----Original Message----- 
	From: Wright, Jeremy [mailto:wright@xxxxxxxxxxxx] 
	Sent: Wed 3/24/2004 11:35 AM 
	To: 'security@xxxxxxxxxxxxxx' 
	Cc: 'ccielab@xxxxxxxxxxxxxx' 
	Subject: PIX vs. Netscreen

	Has anyone had experience with both of these products? If so, what
are the advantages/disadvantages of both? Thanks.
	              Jeremy Wright
	              CCIE# 11168
	              Network Engineer
	              Archer Daniels Midland
	        This message is intended for the use of the individual or
entity to which it is addressed and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
If the reader of this message is not the intended recipient or the employee
or agent responsible for delivering this message to the intended recipient,
you are hereby notified that any dissemination, distribution or copying of
this communication is strictly prohibited.
	        If you have received this communication in error, please
notify us immediately by email reply or by telephone and immediately delete
this message and any attachments.  In the U.S. call us toll free at (800)
	        Spanish, French, French (Canada), Portuguese, Polish,
German, Dutch, Turkish, Russian, Japanese and Chinese: