NETASQ firewalls....

mrbios · 1 Feb 2013 at 19:36

Anyone used one?

I was previously looking at palo alto but i've been quoted a decent price for a netasq U250S and the only video i can find of them makes it look quite good but it's a video by netasq themselves, so i need some unbiased user opinions.

prj1865 · 1 Feb 2013 at 20:20

Never even heard of them let alone used one. That alone would make me wary.

#Chri5# · 1 Feb 2013 at 20:24

Never even heard of them (as somebody who works for a reseller and gets a lot of product launch bumf)

mrbios · 1 Feb 2013 at 20:39

Interesting, they're very france based it seems from googling, the french military supposedly use them (it's not looking good eh?

) and their nato approved for whatever that's worth.

This is their site: http://www.netasq.com/en/firewall-services/u-series-s-models.php

GhostlyPea · 1 Feb 2013 at 21:12

prj1865 said:
Never even heard of them let alone used one. That alone would make me wary.

This. I'd go with a vendor that has a good reputation (depending on features required). For all we know they could be excellent, but considering all the things that can be required of a perimeter device including support when something goes **** up, I would be wary.

- GP

kefkef · 1 Feb 2013 at 22:29

We use Cisco, but if I had the in house skills it would either be Palo Alto or Checkpoint.

iaind · 1 Feb 2013 at 22:52

Watchguard or fortinet for me

mrbios · 2 Feb 2013 at 08:51

Getting a box from the supplier to play around with

Palo alto was my first choice but the PA offering is over double the price of this one, so im going to give it a good look over. Also theyre offering onsite and remote support as well as training so they have that part well covered.

iaind · 2 Feb 2013 at 10:13

Have you looked at fortinet? Much cheaper than palo but similar utm features and a brand that people have actually heard of.

I don't think I could run one of those boxes you posted, I'd end up calling it e netsaq

mrbios · 2 Feb 2013 at 12:02

I did look at fortinet, even contacted them and asked for more info but they arranged to ring me back and never did.

Might contact them again on Monday though as i did like the look of them, not sure which product of theirs i should be looking at though in the mean time? 600-700 devices, 100mb internet connection and requirement for spam+av filtering on top of the standard firewall capabilities (assume AD integration is standard for all firewalls these days?....I've been using an ISA2006 box for years so quite out of touch with it all)

Any rough idea on price in comparison? I'd be looking at £1500 for netasq, £3350 for palo alto + optional extras such as spam filtering.....which i dont think PA could do.

GhostlyPea · 2 Feb 2013 at 12:43

For those features I'd be going for a Checkpoint or Juniper without a doubt. If you REALLY have a strict budget then at a push a Watchguard or PA.

- GP

iaind · 2 Feb 2013 at 13:26

mrbios said:
I did look at fortinet, even contacted them and asked for more info but they arranged to ring me back and never did.

Might contact them again on Monday though as i did like the look of them, not sure which product of theirs i should be looking at though in the mean time? 600-700 devices, 100mb internet connection and requirement for spam+av filtering on top of the standard firewall capabilities (assume AD integration is standard for all firewalls these days?....I've been using an ISA2006 box for years so quite out of touch with it all)

Any rough idea on price in comparison? I'd be looking at £1500 for netasq, £3350 for palo alto + optional extras such as spam filtering.....which i dont think PA could do.

The wg or fortigate will be similar price to the netsaq, palo are very expensive.

I have a very good contact at fortinet, drop me an email and ill send you his details over

Hulkster · 4 Feb 2013 at 08:38

They are big in the French market and feature on the Magic Quadrant. They have some pretty good accolades to their name as mentioned. They also confirm to the Common Criteria EAL4+.

Give them a try. I did a trial of one and to be honest I wasn't too keen.

The support we got from their guys was excellent but there wasn't really much about the product that struck me as being all that great. As a relatively unknown product (even at trade shows resellers would say...who?) it would have to be really impressive to coax me personally.

They have a vulnerability analysis module but it's passive, which is a shame as I had hoped for a nessus-like feature to be able to scan specific hosts/subnets which would have been a nice added value service (albeit at an additional cost).

As well as Palo Alto, Checkpoint and Juniper as already mentioned, check out SourceFire 3D.

mrbios · 4 Feb 2013 at 09:15

Thanks Hulkstar that's just the sort of info i was looking for

from the sounds of things the nice low price tag is down to the relatively less than impresive capabilities then.

Iaind will send you an email in trust now, quite keen to get in contact with fortinet now

iaind · 4 Feb 2013 at 09:37

Recieved and replied

Hulkster · 4 Feb 2013 at 09:45

mrbios said:
Thanks Hulkstar that's just the sort of info i was looking for from the sounds of things the nice low price tag is down to the relatively less than impresive capabilities then.

I'd say still give them a try tbh, it's always worth putting a few products to the test.

It was around a year ago when I had one and there were some niggling issues specific to some services in our environment. I guess it depends what sort of systems you're looking to protect.

If for instance you are looking for something which is highly application aware and chock full of Layer 7 goodness then Palo Alto excels here. I actually found the NetASQ pre-sales techs to be very open and honest about what they are and what they aren't. In the end as well as being generally not too keen, it just didnt tick all the boxes for our requirements.

mrbios · 4 Feb 2013 at 14:23

Cheers iain

I need a 3rd comparison, so what are checkpoint like? can anyone give me any idea what their costs are like in comparison to palo alto and fortinet?

How good is their spam filtering?

iaind · 4 Feb 2013 at 14:36

Checkpoint are horribly expensive and rather complicated to manage

Watchguard are closely priced to FG and make some very nice kit

GhostlyPea · 4 Feb 2013 at 14:43

Depends on a lot of factors really. The thing about checkpoints is that they are complicated. Most people who use them (such as us) have access to specialists and because of that we get massive discounts. Based on your queries I'd gather you don't have that expertise in house; if that's the case then you're looking at it being prohibitively expensive. Our cluster of 4607 units including support was just shy of £10.5k - it doesn't sounds like you're looking to spend that. (considering that takes into account our partner status). If you're looking for a single unit with all required software blades and support it's probably around 6 - 7k. Plus I know I have said it before but I'll say it again, you really need access to specialists to support these too. They aren't simple appliances like Watchguards or ASAs. There's a full on BSD install underneath. 9Dont let all this talk scare you though, IMO they are some of the best units on the planet and their feature set and performance are second to none)

To me it sounds like you probably want to look at a Watchguard solution. Even a cluster won;t be budget breaking with a full compliment of feature keys.

- GP

mrbios · 4 Feb 2013 at 14:52

Cheers chaps, and i agree certainly don't have that kind of expertise in house!!

Will take a look at watchgaurd then