Microsoft ISA server VS Sonicwall Pro 300/PIX 515

azev

According to the spec sheet, ISA Server seems to offer a lot more than its hardware-based firewall counterparts.
I wonder if any of you have used this software in a large production network? If you have, how is it?
I'd just like to do a little research about software firewalls in large enterprises.

Thanks
 

ITJunkie

I will always go with a hardware firewall over a "software" firewall because of the hardened hardware factor, at least in an enterprise environment...just my opinion though.
 

azev

One thing with software firewalls is that their OS vulnerability can be a big problem. Other than that though, software firewalls normally provide better features than their hardware firewall counterparts.
 

MysticLlama

There are actually a lot of things you can do with a PIX, and most likely a SonicWall that aren't real obvious when looking at the product specs.

The reason for this is that a lot of functionality isn't integrated as closely with the hardware firewalls, making you do a bit more work in order to expose it.

For example, ISA makes it really easy to enable user-based access to the web as well as user-based logging. It's simple because it's just another Windows box accessing your domain.

On the other hand, with a PIX, you can enable the same sort of thing, but you'll have to set up external software on a Windows/UNIX box to do the user authentication and logging by attaching to the PIX to get information from it.

I'm sure that you can do anything with a PIX or a Sonicwall that you can do with ISA, it just might not be as easy/obvious.
 

Nothinman

One thing with software firewalls is that their OS vulnerability can be a big problem. Other than that though, software firewalls normally provide better features than their hardware firewall counterparts.

So-called "hardware" firewalls have an OS too; in fact most of the bigger Cisco ones run IOS on older Pentium hardware because it's cheap and fast. You have to be just as diligent about security, but in general there's less software available so there are fewer things to go wrong. I mean why in the hell would you want a copy of IE on your firewall?
 

cmetz

azev, a firewall is a trusted component in your network. You are trusting it to enforce a certain policy with respect to traffic through it - that is, provide no more or less service than you specify. A key question to ask about any firewall is: can you trust it? Formally speaking, the answer for all firewall products is no, but informally speaking, it comes down to the confidence level you have in the vendor and the product, which in turn often comes down to reputation.

What's Microsoft's reputation on security? Abysmal.
Cisco's? Okay.
SonicWall's? Okay. Not as well proven as Cisco.

I will never willingly put Microsoft anything into my network. I can't trust it. It's a security disaster. It's a reliability disaster. Been there, done that, been burned, ain't going back.

Cisco isn't perfect, but they're very widely deployed and reasonably good about responding to security problems fast. The view of a lot of people whose opinions I trust, and my own operational experience, is that Cisco's equipment can be made to work well enough.

SonicWALL has a more limited user base than Cisco and is therefore less proven. From what I've seen and read, they seem on par with Cisco in terms of trustworthiness, maybe slightly below because of who uses/tests Cisco PIX vs. SonicWALL (there are many PIX customers who are very hard core about lab testing and won't buy until issues are fixed - that forces Cisco to improve the quality of their product).

If it were me picking, I'd pick PIX, no question.

Nothinman, the PIX line runs its own OS, which has a vaguely IOS-like CLI grafted on it.