Best Enterprise Firewall?

 being the fact i work for an MSSP (a certain member of the OG's bro worked where i currently work and shall remain nameless) we support a bunch of fws...Cisco, Checkpoint, Juniper, etc...IMO I think Chekpoint then Cisco ASA is the best...what say yall?


I prefer juniper ISG and then the ASA. Just because the ISG is easier/better with policy. The ASA because its well supported, handles the traffic and doesn't do anything too goofy.

ASA5510 with IDS/IPS on the edge for sure.

You can't go wrong with WatchGuard.

Cisco ASA can do IDS/IPS?

tycoon - Cisco ASA can do IDS/IPS?

 ssm-20 :) Yep.

Road Warrior Fin - 
tycoon - Cisco ASA can do IDS/IPS?

 ssm-20 :) Yep.

 it can also do AV and content filtering

how much does an ssm-20 run for and is it pretty much the same GUI as the 4200 IDS sensor? I want to get an IDS appliance for my work so I can use it to study for the CCIE:Security lab, but I'm having a hard time convincing my boss IDS/IPS is necessary.

Is AV/content filtering a separate module or a higher licensing like security plus?

Yes, same GUI. It does the same things although no inline VLAN pairs which you need to know for the lab. It'll get you familiar with the interface but I'd recommend the appliance for lab prep.

Not sure on the cost, I've only used them, never purchased them. :D

The CSC is a separate module and you have to choose which one you're going to use because the ASA won't do both. Most go with the IPS module and filter content with websense on a server. I did run into some folks in WY who were using the CSC and it did seem capable for their needs.