Opinions

[kkawano]

Hi All,

In December my company decided to go with a Watchguard firewall solution. We ran into so many problems with VPN mobile users dropping connection, branch offices dropping connection, setups that we are now looking for another solution. We are looking at the Cisco PIX 513E and 501 for our main office and branch office respectively. In light of the problems we had with Watchguard we are trying to get opinions of others (good or bad) who currently use the equipment. So, any major likes or dislikes? Any common problems? Can anybody compare to a Watchguard 700?

Any info is greatly appreciated!!!

Best Regards,

Karl

 

[baddos]

I like the PIX. The only problem is bad documentation.

 

[themikehyde]

Having just replaced our software firewall with a PIX 515E, I can say this:

I like the product.

Don't let them sell you that the graphical interface is the next best thing to sliced bread.

Don't rely on Cisco to help.

Bookmark this thread! If it was not for these helpful folks here, I would have packed this thing up and shipped it back!

Thanks guys!!!!!!!
Themikehyde

 

[havanajoe]

I have used several different firewalls, and from my experience I really like the PIX. It has done everything that I have ever required it to do. I would recommend the PIX to anyone. I agree with baddos and themikehyde as well. Documentation leaves a bit to be desired. I did however had decent luck with Cisco support, or at least those techs that I worked with.

This forum is definitely full of great people all willing to help out. Me included.

Dave

 

[jdl508]

I would definitelly recommend the PIX. the only thing I have left to be desired with the PIX is that if you are running a remote 'cheaper' router or fw that does pat you cant get a vpn tunnel up through them but other than that i think the PIX is a great box! And I find cisco support to be pretty good. Yes they dont always have the answer but have you ever tried to get an answer from micro$oft. yikes
thanks
jdl

 

[kkawano]

Hi all,

Thanks for the information!!! I really appreciate it. After also talking to others it looks like the Cisco PIX is the winner. Other than documentation, everybody seems to be really happy with the product.


Thanks Again,

Karl

 

[yizhar]

HI.

> We ran into so many problems with VPN mobile users dropping connection ...

You will probably have no problems with pix to pix VPN tunnels (once extablished), but mobile users might get problems when they try to VPN over links that do not support IPSEC, for example over cellular GPRS devices, or behind another NAT/FIREWALL at the client side that might block IPSec or hide IP addresses of the roaming client.

Someone here wrote that the next pix OS 6.3 might fix it, however this is currently only a rumor.

To conclude the VPN issues:
* You'll probably get good results with site to site VPN.
* You'll probably get good results with roaming clients using most common Internet connections (dial-up, adsl, etc) but using some connections might fail.

Search for "transparent tunneling" or IPSec encapsulation to learn more about this issue. Currently the Cisco software VPN client supports this feature, but the current pix OS does *NOT*.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar