--===============1601123378==
Content-Type: multipart/alternative;
boundary="----=_Part_216851_11170607.1166212134988"

------=_Part_216851_11170607.1166212134988
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Mike,

I doubt you're going to find much of a downside. While working for one of
the larger MSSP's we deployed lots of the different firewalls for hundreds
of different companies. As a result Netscreens are my favorite firewall,
especially the ISG's. They're sick. Pix's are cool too but for any kind of
deep packet inspection (and not a proxy) you have to go to with Netscreens
or checkpoints... and Netscreens support doesn't suck and the configuration
is a text file. ISG's with IDP modules allow you to send certain traffic to
the IDP for analysis per rule! The only thing I think is kind of nuts is
that you can factory reset a Netscreen by logging in with the serial number
as the user name and password. This is an idp hack but... its still really
cool.... albeit old.

http://web.archive.org/web/200405281...netscreen.html

Ez.

Jonathan Sabo


On 12/15/06, Mike LeBlanc wrote:
>
> All,
> I'm looking for guidance on vulnerabilities/downsides to the Netscreen
> firewalls. I am
> not looking to start a flamefest on Netscreen but simply am looking for
> the
> downside.
> We currently are a cisco pix shop and have monitoring and change
> management
> built
> around cisco. I have done a google on Netscreen vulnerabilities and
> issues
> but
> didn't find much current data. Any information is appreciated in advance,
> including
> links to current data. Additionally if you have personal expereince,
> positive or
> negative, with Netscreen I would like to hear it.. off list if so desired.
>
> Thanks in advance for any information you can provide,
>
> Mike LeBlanc, CISSP
> VP/Infosec officer for multinational bank
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>


------=_Part_216851_11170607.1166212134988
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Mike,

I doubt you're going to find much of a downside.  While working for one of the larger MSSP's we deployed lots of the different firewalls for hundreds of different companies.  As a result Netscreens are my favorite firewall, especially the ISG's.  They're sick.  Pix's are cool too but for any kind of deep packet inspection (and not a proxy) you have to go to with Netscreens or checkpoints...  and Netscreens support doesn't suck and the configuration is a text file.  ISG's with IDP modules allow you to send certain traffic to the IDP for analysis per rule!  The only thing I think is kind of nuts is that you can factory reset a Netscreen by logging in with the serial number as the user name and password.  This is an idp hack but... its still really cool.... albeit old.


http://web.archive.org/web/20040528165427/hack3rs.org/~nahual/netscreen.html

Ez.

Jonathan Sabo
 


On 12/15/06, Mike LeBlanc <mlinfosec@comcast.net> wrote:

All,
I'm looking for guidance on vulnerabilities/downsides to the Netscreen
firewalls.  I am
not looking to start a flamefest on Netscreen but simply am looking for the
downside.
We currently are a cisco pix shop and have monitoring and change management

built
around cisco.  I have done a google on Netscreen vulnerabilities and issues
but
didn't find much current data.  Any information is appreciated in advance,
including
links to current data.  Additionally if you have personal expereince,

positive or
negative, with Netscreen I would like to hear it.. off list if so desired.

Thanks in advance for any information you can provide,

Mike LeBlanc, CISSP
VP/Infosec officer for multinational bank


_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com

https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




------=_Part_216851_11170607.1166212134988--

--===============1601123378==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============1601123378==--