

Firewall Selection

By bradeso

I work for a company of around 50 employees, and we are looking to change our firewall. We are looking at WatchGuard Firebox X8000, Fortinet FortiGate 300A/500A, Cisco PIX 525/535 and Cisco ASA 5520/5540. Just looking for any comments for or against any of these products. Any help would be appreciated.



by jmgarvin In reply to Firewall Selection

I'd pick up the PIX.


by ccthompson In reply to Firewall Selection

I would also go with the PIX. Cisco has very good documentation and support for their products; I would pick Cisco PIX.


by tommymcbrayer In reply to Firewall Selection

Hmmmm, since I am a CISCO Bigot I would say the PIX; however, for the size of company you described the 525/535 is overkill. I would suggest the 506E, and if you really are wanting to spend money then the 515E would be more than enough horsepower.


by CG IT In reply to Firewall Selection

TrendMicro has a good appliance and Symantec has one as well. Alternatives to the PIX.


by jt In reply to Firewall Selection

I never was a fan of PIX due to its poor standard throughput
(VPN and encrypted throughput on PIX is actually quite good).
I'm not particularly anti-Cisco, but there are dozens of other
products out there at a better price point with much better
features and performance. I do like the interface but hate the
way you have to hack at it to get real egress (outbound) filtering.
A firewall that doesn't do egress properly and easily is useless in
my book. Keep in mind that almost any product, if configured
correctly, will keep you secure.

I would personally go with the Firebox in this lineup. However,
NetScreen makes a wonderful product as well. You may also
look into a more integrated appliance product such as
TippingPoint's IPS systems or the Barracuda spam firewall,
depending on your needs.

The best rule of thumb I can give you is to look for something
that supports the throughput you need, egress filtering, has an
interface that you like, and a good patch/support policy (Cisco
wins in the support area hands down). Look at features; if you
need VPN and proxy support you may want to pick a device that
excels in those areas (WatchGuard for proxy / logging, and Cisco
for VPN).

I can't stress throughput enough, however; watching connections
get bumped or latency rise because you didn't pick the right
firewall is a bad bad problem to have.


by scott In reply to Firewall Selection

Agree - I would go with the Firebox for the proxies / logging, although with 50 employees I would opt for the Firebox X1000, which is more than capable.

The NetScreen 25 is also worth consideration.


by Kryptos In reply to Firewall Selection

How critical is network security for your business?

To protect from general internet threats, most firewalls will do the job.

WatchGuard, Fortinet, & ASA 55.. are in the Unified Solution category (or All-in-one Box),
while Cisco PIX will be a plain vanilla firewall.

If you are looking at just firewall functionality, then go ahead and pick up PIX.

But firewalls are not enough in the current scenario.

WatchGuard and Fortinet have a lot of features, like AV, anti-spam, URL filter, IDS, etc. Probably Fortinet will be slightly better than WatchGuard.

Cisco ASA5500 is a new product in the market and I don't have much info on it.

If you have serious security concerns, look at the ISS Proventia M Series, which is a Unified Security solution. The IPS they have is one of the best in the market.

Also size the firewall for your requirement... PIX 525/535 looks like overkill for a 50-user network.


by dnguyen In reply to Firewall Selection

Cisco PIX 525 is more than what you need for 50 employees. With 500 employees, Cisco PIX 520 and NAT solutions have been working well for us. I strongly recommend it. Darlene


by PSX In reply to Firewall Selection

What about Astaro's Security Linux?

I've been running a PIX515 for years but, in this virus/spam/malware-laden world, a vanilla firewall just isn't cutting it anymore.

I am looking to purchase an all-in-one security appliance and am leaning heavily towards the Astaro ASG 220 with antispam/email virus and webfiltering/webav. We currently have about 60 nodes so the 220 should be fine. My problem is that I wanted to reuse my PIX515 and create a DMZ between the Astaro and the PIX.

How good is the Astaro versus PIX? How feasible is my plan? Any suggestion is welcomed.



by wizkid In reply to Firewall Selection

Some things to think about:

While I won't endorse any of the suggested products I would say that if you're going to look at a freeware (GPL) device like Fortinet I'd look at or as well. Their products are just as good and they didn't have to get sued to disclose that they are using GPL code as Fortinet did.

Personally I'd never buy a security product from a privately held company. I want a company that is accountable for their product and business practices. I am trusting the security of my business (and job) to that company, plain and simple.

Let's boil it down:

Watchguard - Nice technology (UTM), good for SMBs; also look to SonicWall for a comparable solution.

Fortinet - Cheapest, UTM capabilities, open source code. Why not Juniper Netscreen?

Cisco PIX - exceptional support, which can never be taken too lightly. Older technology, not UTM.

Good luck in your decision.
