--On Friday, December 15, 2006 12:43 PM -0500 Mike LeBlanc

> All,
> I'm looking for guidance on vulnerabilities/downsides to the Netscreen
> firewalls. I am not looking to start a flamefest on Netscreen but simply
> am looking for the downside.
> We currently are a Cisco PIX shop and have monitoring and change
> management built around Cisco. I have done a Google on Netscreen
> vulnerabilities and issues but didn't find much current data. Any
> information is appreciated in advance, including links to current data.
> Additionally, if you have personal experience, positive or negative,
> with Netscreen I would like to hear it... off list if so desired.
> Thanks in advance for any information you can provide,
> Mike LeBlanc, CISSP
> VP/Infosec officer for multinational bank

Having done firewall evaluations for several multinational banks, NetScreen
is pretty much the best thing out there in packet filter land. Much better
than FW-1 and PIX, especially under heavy load. They're not perfect by any
means, but they have the best virtual firewall support I've seen, which
makes them great for consolidation projects or compartmentalizing your
rules to lower operational risk. Their routing support is pretty good as
well - if you have ethernet demarc'd WAN connections you can avoid paying
for a separate routing tier in many cases.

firewall-wizards mailing list