When you learned about the various technology products needed to secure an Internet perimeter, what differentiates one product from another in the marketplace? Why would a Cisco firewall be better than a SONICWall firewall, or is it? As you think about these questions, what might be some questions you'd ask a security product vendor when selecting firewalls, routers, and IDSs?
2-Please answer this post like discussion if you agree or disagree, and why? Please explain it. This post is the answer from somebody else about question #1.
When choosing firewall for network implementation, many things can differentiate one firewall from another. Firewalls can be different from each other according to what they offer. These are services that most firewalls offer today:
1.0 Full State Awareness, which has access to the "raw message," and can examine data from all packet layers. In addition, FireWall-1 analyzes state information from previous communications and other applications. The Inspection Module examines IP addresses, port numbers, and any other information required in order to determine whether packets comply with the enterprise security policy. It also stores and updates state and context information in dynamic connections tables.
2.0 Securing "Stateless" Protocols allows the firewall to understand the internal structures of the IP protocol family and applications built on top of them. For stateless protocols such as UDP aand RPC, the Inspection Module extracts data from a packet's application content and stores it in the state connections tables, providing context in cases where the application does not provide it. In addition, it can dynamically allow or disallow connections as necessary. These capabilities provide the highest level of security for complex protocols.
3.0 The Inspect language is based on using a checkpoint language for inspection of packets
4.0 Stateful Inspection: Under the hood to the firewall is able to ensure highest level of security, a firewall must be capable of accessing, analyzing and utilizing the following. The following functions are performed by stateful firewall: Communication Information - information from all seven layers in the packet
Communication-derived State - the state derived from previous communications. For example, the outgoing PORT command of an FTP session could be saved so that an incoming FTP data connection can be verified against it.
Application-derived State - the state information derived from other applications. For example, a previously authenticated user would be allowed access through the firewall for authorized services only.
Information Manipulation - the evaluation of flexible expressions based on all the above factors.
Check Point's Stateful Inspection is able to meet all the security requirements defined above.
Personally when designing network for a small or medium company I will choose Sonicwall over Cisco because of easy to configure that its firewalls offer, and the price that is much cheaper than Cisco's. In the opposite if I have to design a network for large company I will choose Cisco firewall because of the complexity of their system design, also because the name of Cisco which will give them more assurance than Sonicwall will do. The best thing to do is also mix both firewalls in the design since their interoperability is guaranteed.