Network Design Cookbook | The Architecture of Network Design
firewalls. This includes their limited experience with SonicWALL products. They never deployed them and have no
production experience. They are comfortable administering the Juniper because they know what to
expect. They also love Juniper support. They didn't like Cisco support because the whole SMARTnet contract
process and how to open a ticket were confusing to them. In reality they had only done it twice and didn't know the
process.
Let's pick on me for a little bit. I prefer the CLI: I can provide value-add expertise and implement many solutions via CLI
faster than via GUI. However, the GUI for Cisco UCM and Wireless LAN Controllers is very simple for administration. My
working experience with Juniper and Checkpoint firewalls is very limited, and I am very comfortable
administering Cisco products.
Besides limited experience, a dislike could be related to a bad relationship with the hardware vendor. For
example, I have a partner who was trying to become a Cisco partner, and the process was confusing to them and
took several months. The Juniper Partnership program was easier for them, and that was the moment when they
began to prefer Juniper products over Cisco products. In other words, they experienced a poor vendor relationship with Cisco
because of the partnership ordeal. ROUTEHUB GROUP became a Cisco partner in a short time because, again, we
have experience and know how the process works.
Another reason for a dislike is when an IT person says Juniper firewalls are faster than Cisco firewalls. I often like to
inquire further about what they did to determine that: what the Cisco product model was, what the Juniper product was,
who configured the Cisco firewall, and who configured the Juniper firewall. The answer most of the time is the
same. They configured both firewalls, but have more experience with one product than the other. So in this case
they have strong experience with the Juniper products and little with Cisco. They did some Google searches to get
the Cisco firewall working. Also, they used a Cisco product that was aimed at the SMB/Medium market, and the
Juniper product chosen was aimed at Large enterprises.
So, it wasn't a fair alignment of products based on the business size, and the configuration of the Cisco firewall was
questionable due to limited experience. This is fairly common when preferences and dislikes are exchanged.
The bottom line is this: no product is truly poor in performance and what it provides if it is deployed correctly, and if it
is deployed for the correct market segment and meets the requirements. Those are the only factors that are important. I
have seen SonicWALL firewalls deployed in SMB networks causing no issues. I have seen Watchguard firewalls
deployed without any impact or issues. I have personally deployed Cisco firewalls for Small to Large Enterprise
environments without any performance issues. The reason for these three cases is that they were all deployed
based on true production experience and met the overall requirements.
Therefore, when you choose the hardware for a component, determine the following:
Meets the business and technical requirements
Aligns (if applicable) with the size of the network and business
Simplicity and Administration
Experience and the Support Model
Realistic Metric Conditions (e.g. Performance)
Let me quickly discuss what "Realistic Metric Conditions" means. Different firewall models provide metrics such as
firewall throughput and VPN throughput. The same goes for switches, with metrics ranging from forwarding rate and backplane traffic to
the throughput of a line module in a chassis. The main point is to understand the realistic metrics. For
example, let's say that firewall product "A" provides 1Gbps for firewall performance and firewall product "B" provides
500Mbps for firewall performance. Most IT people will say that firewall product "A" is the better choice, especially if
that is their preference. Well, if your Internet connection is a T1, then your highest possible throughput through the
firewall is roughly 1.5Mbps. That is far below the metrics for products "A" and "B", so both are a good choice.
This discussion can be heated, as you can see. The main point is to choose a hardware product based
on the requirements, support model, and value-add expertise for deploying the product into the network.