Re: Cisco IOS against other Firewalls

dave.fisher · ‎03-13-2002

I have a potential customer to whom I am trying to pitch using IOS for their network firewall. I have found out that I am up against WatchGuard FireBox and Lucent VPN Brick. Does anyone have any experience of these, and what are your experiences? If anyone knows of any good "magic bullets" I can use against these products, it would be greatly appreciated.

l.byford · ‎03-14-2002

Consider a PIX model as it is an appliance, similar in features and performance to Firebox. Review of Firewalls in Network News. PIX gets well received although Cisco submitted late so the Netscreen won!

http://www.networknews.co.uk/Products/Hardware/1129400

dave.fisher · ‎03-14-2002

Thanks for the URL, Lee. It made for useful reading.

My problem, however, is that FireBox and PIX are very similar in terms of functionality, whilst Lucent's kit seems to beat the two of them. The advantage over Lucent is clearly a case of "Lucent who? Do they make firewalls?", whilst the advantage of using IOS is cost - the customer already has a Cisco routed network that I can use IOS over. If I can show that IOS gives a comparable level of protection, then it should be a breeze.

This brings us into the Dedicated Firewall v Router with Filtering argument. There are a couple of other threads on this forum regarding this, but nothing more than personal opinion seems to indicate that IOS is as good as a separate firewall unit. Then I would be home and dry, but this is not as simple as at seems, given the other suppliers have already pitched this argument with a reasonable degree of success.

If you have ANY ammo that I could use against the WatchGuard and Lucent firewalls, then it will at least give me a way into the argument. Or anything more than anecdotal evidence that IOS can beat a standalone dedicated firewall... please!