lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: lists-security at nettracers.com (Bryan K. Watson)
Subject: Netscreen 5GT Plus vs Fortigate-60

On Tue, 3 Aug 2004, ASB wrote:
>
> I've seen the demo at http://www.fortinet.com/demo but I'm looking for 
> real-world info regarding the effectiveness of the policies of the 
> Fortigate.  I've heard negative commentaries, but nothing that has 
> been substantiated to any degree.
>

Like Oliver Heinz, I work with both Netscreen and Fortigate...primarily in
the Small and Medium Business space up to a few hundred users.  I agree with
Oliver's statements and want to point out that there are some recent major
changes to both product lines that create some interesting competitive
features that make year old impressions and opinions obsolete.

Netscreen is now able to characterize certain aspects of the content streams
in order to stop for example, interactive traffic like SSH over port 80 when
port 80 should be http.  This is a lot like the Checkpoint "Application
Intelligence" that can stop SSL VPN's in their tracks and is a feature that
does not exist in the Fortigate units. 

The Fortinet Fortigate's rely on ASIC based pattern matching and rely on
signatures to catch bad traffic...these sigs are based on traffic content,
not traffic parameters.  Fortigate is now adding more pattern matching
capabilities with the addition of perl-like expression rules that users can
create.  And with the architecture of the Fortinet units - Intel CPU with
their specialized ASIC -  it is entirely possible that future releases will
look at other aspects of the data streams besides simply content (my
conjecture). 

Watch out when reading undetailed and unsubstantiated claims for any of
these products.  And, for those who don't know the history of these
companies, Ken Xie founded Netscreen and sold out his shares there to start
Fortinet (makes for interesting competition).  And with Juniper picking up
Netscreen, there will be many changes still ahead. 

Cheers,
-- 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Bryan K. Watson   -   InfoSec Consultant
- bwatson@...Tracers.com - www.nettracers.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ