Comments on: Getting out of the Hardware Appliance Racket

by: Jeff Wiltshire

Tue, 12 Dec 2006 13:26:28 +0000

I have no idea what a Ponzi scheme is….must be a US term.

Hardware firewalls can be purchased that will outperform ISA 2006 for less than the cost of the license fee for standard edition plus Windows 2003 license + server hardware. There is no racket as you would like to believe…..

by: Thomas Shinder

Tue, 12 Dec 2006 13:07:21 +0000

The discussion isn’t about the best firewall in the world, it’s about how customers get duped and taken advantage of because of the “hardware appliance” racket. Customer waste thousands of dollars on the “appliance” Ponzi scheme every year.

by: Jeff Wiltshire

Tue, 12 Dec 2006 12:54:53 +0000

I never said that you could provide a solution for 125,000 users for under $1000….re-read what I wrote.

Your arguement is flawed as the examples you use are not what you claim them to be and yet again you are being deliberatly disingenuous with your response. Regardless of how you would like it to be different ISA is not the greatest firewall on the planet.

by: Thomas Shinder

Tue, 12 Dec 2006 11:24:20 +0000

So let me get this right — you can provision a sonicwall or Check Point Server for 125,000 users for under a $1000? AND include IPS, DPI (marketoid speak!), AV and AS?

I’d like to see that!

BTW — there are no flaws in the argument. Read the discussion again and you’ll find all assertions irrefutable. I’ve proven that already because you weren’t able to refute any of the assertions you called “flawed”.

HTH,
Tom

by: Jeff Wiltshire

Tue, 12 Dec 2006 10:13:19 +0000

I occasionaly watch from afar and smile at Tom’s “one man crusade” regarding ISA and other firewall vendors and then move on without comment…..

However this time your arguement is so flawed that it begs to be commented on. Your choice of Hardware Appliance vendors are hardly representiative, Bluecoat don’t produce hardware firewalls (they are a proxy/AV appliance company) and Cisco are hardly on the leading edge of appliance technology. There are a large number of hardware firewall vendors making very good products which completely eclipse the capabilities of ISA 2006, I suggest you look long and hard and vendors like SonicWALL, NetASQ, Juniper, Fortienet, Nokia (with Checkpoint) etc etc. SonicWALL have Intrusion Prevention, Deep Packet Inspection, Gateway Anti-virus, Anti-Spyware built in to a sub $1000 box.

Just in case you get the wrong idea I have built a ISA 2004 system based on 2 4-way arrays to handle 125,000 users (over 40,000 concurrent users) so I’m not a complete idiot when it comes to ISA.

by: Ray

Sun, 10 Dec 2006 02:12:33 +0000

The thing that constantly amazes me is how supposedly competent people equate “hardware appliance” with “no maintenance required” or “I’m not responsible for it”.

To all of you: Unless the appliance is running on mechanical relays and vacuum tubes, software is somehow involved. Software with flaws written by people just like those who write software for “non-appliance” firewalls.

And you are still responsible for keeping its software (a.k.a. “firmware”) updated and administered properly. You will lose your job for having a “hardware appliance” getting compromised just as fast as for a non-appliance firewall. And maybe faster if you neglect your responsibilities.

Ray