Netasq Firewalls



Deb
10-07-10, 06:09 AM
Hi,
We are evaluating a few firewall products. One of the vendors is
Netasq. We are looking at their U30 & U70 products.

I was wondering if anyone here has any experience with these products
and any pros/cons of the same.

Also, their brochure says it has an Intrusion Prevention system.

I am aware of Snort-like IDS, but haven't really worked with IPS.
Can anyone who is using Netasq elaborate on how the IPS works?
In an IDS system, based on signatures & rules, the IDS issues alerts.
Would an IPS drop packets instead for the same cases or is it something
more?

Deb
10-07-10, 06:30 AM
"Deb" <deb@deb.com> wrote in message news:i8k9mc$se6$1@news.datemas.de...
> Hi,
> We are evaluating a few firewall products. One of the vendors is
> Netasq. We are looking at their U30 & U70 products.
>
> I was wondering if anyone here has any experience with these products
> and any pros/cons of the same.
>
> Also, their brochure says it has an Intrusion Prevention system.
>
> I am aware of Snort-like IDS, but haven't really worked with IPS.
> Can anyone who is using Netasq elaborate on how the IPS works?
> In an IDS system, based on signatures & rules, the IDS issues alerts.
> Would an IPS drop packets instead for the same cases or is it something
> more?


Also, do the U30 & U70 provide outbound load balancing and/or failover
(in a multiple ISP scenario)?

onlinejo
10-13-10, 12:37 AM
Hi Deb,
I highly recommend NETASQ from my experience; I have deployed more than 50 boxes myself, of different models.

It's true that it has a powerful IPS, and it comes by default and is not an add-on like others. It's built inside the kernel, and for that they have the best numbers in terms of throughput: if I am not wrong, U30 (200Mbps) and U70 (600Mbps), and this is when having Firewall + IPS running together. This is an important thing to know, as other vendors claim their throughput on Firewall only, and they don't mention the throughput with IPS, as the performance will be reduced by 60-80%.

I like NETASQ IPS because it has three engines: Contextual Signatures, Protocol Analysis, and a Heuristic engine. So it's not signature-based like Snort, because if it's only based on signatures, then if you don't have an update it means you are not protected, whereas NETASQ has 0-day threat protection. In fact they claim and challenge that none of their customers has ever faced data loss/damage after any cybercriminal attack.

IPS Security policy is set by default to protect you from all threats, so you don't need to be security expert to set the policy, but you still can customize.

It usually blocks or shows an alarm based on the traffic, with approximately 0 false positives.

And for the other question, yes it supports Load balancing of WAN connections, and many other features.

P.S. U30 and U70 come without local storage, so you can't have logs stored on them; you have to go to the higher models like U120 if it's a concern.
But you can still see the real traffic in the Realtime monitor, and you can configure it to send to an external syslog or to use SNMP (v1, v2, and v3).

I hope I provided you with enough information.
Regards,
Nebras Al-Qurashi