| Vendor |
Product |
Price as tested* |
Pros |
Cons |
Score |
| Astaro |
ASG 425a |
$20,000 for hardware; $10,600 for software. |
Clean packaging of many open source tools; easy high- availability setup; includes SSL VPN for remote access. |
Management is confusing and fragmented;
IPS configuration and alerting is weak; bugs in high-availability
testing raise concerns. |
2.93 |
| Check Point Software |
UTM-1 2050 |
$31,000 for hardware; $19,800 for software. |
Full-featured firewall and management
software in a small package; flexible high-availability options;
outstanding site-to-site and remote-access VPN. |
Secure Platform operating system limited
in network and management functionality for enterprise-sized customers;
UTM configuration generally weak or overly complex. |
3.82 |
| Cisco |
ASA5540 with SSM-20 IPS module |
$49,990 for hardware; $3,500 for management. |
Cisco Security Manager management strong;
very flexible network-address-translation options; multiple layers of
intrusion prevention offered. |
Missing Cisco-quality network features,
such as dynamic routing; some management functions awkward; IPS
coverage lower than expected. |
3.68 |
| Crossbeam Systems |
C25 running Check Point Secure Platform |
$48,000 for hardware; $45,000 for software; $6,000 for management. |
High performance in firewall mode; high port density. |
Secure Platform limited for enterprise deployments; poor antivirus throughput. |
3.87 |
| Fortinet |
FortiGate 3600A |
$122,000 for hardware, software and management bundle. |
Blazing fast antivirus performance; good antivirus catch rate; nice hardware packaging. |
Advanced features require command-line interface; weak documentation for enterprise; weak overall IPS. |
3.17 |
| IBM |
System x3650 running Check Point Secure Platform |
$13,700 for hardware; $49,500 for software; $6,000 for management. |
Blazing fast firewall performance; easy installation with Secure Platform. |
Secure Platform limited for enterprise deployments; system hot and heavy. |
3.99 |
| IBM/Internet Security Systems |
Proventia MX5010 |
$24,000 for hardware; $12,500 for software; $23,500 for management. |
Outstanding intrusion-prevention system catch rate and performance. |
Very weak firewall features; central management not suited to enterprise firewalls. |
3.3 |
| Juniper Networks |
ISG-1000 |
$60,000 for hardware, software and management bundle. |
Great IPS catch rate and performance; good high availability and routing feature set; expandable chassis. |
Central management not well matched to high-port-count firewalls. |
4.38 |
| Juniper Networks |
SSG-520M |
$20,000 for hardware and software bundle; $4,600 for management. |
Very flexible chassis; good high availability and routing features; easy management options. |
Central management not well matched to high-port-count firewalls; IPS features weak in enterprise setting. |
3.8 |
| Nokia |
IP290 running Nokia IPSO
|
$8,000 for hardware; $42,000 for software; $6,000 for management. |
Great hardware design and "green"
construction; IPSO operating system very full-featured for enterprise
network features, such as routing, management and IPv6. |
Limitations in NAT and antivirus handling should be fixed; UTM configuration weak and complex. |
3.94 |
| Secure Computing |
Sidewinder 2150D with IPS acceleration |
$80,600 for hardware and software bundle; $6900 for management. |
Great performance with proxies enabled; strong security model for high-concern applications. |
Central management not ready or complete; UTM integration and capabilities behind those of other products; system hot and heavy. |
3.35 |
| SonicWall |
Pro 5060 |
$22,000 for hardware and software bundle; $2,000 for management. |
Great antivirus support and catch rate; deep UTM feature set. |
IPS features weak in enterprise setting. |
3.38 |
| WatchGuard Technologies |
Firebox Peak X8500e |
$15,000 for hardware; $5,600 for software and management bundle. |
Good hardware design and "green" construction; strong monitoring capabilities; very deep UTM feature set. |
Poor antivirus coverage; enterprise features, such as dynamic routing, lacking. |
3.30 |
| *All hardware prices stated include two hardware instances required for high-availability testing. |
