Line of Firewalls - Page 3

 By Lynn Haber | Posted Oct 7, 2000
Page 3 of 4   |  Back to Page 1
Print Article

Here's the good news about firewall appliances: When it breaks, you send it back. At the same time, these sealed devices can't be upgraded and are less scalable. When the time comes to upgrade, companies have to upgrade to the latest product versions, or newer models.

By contrast, software solutions require more expertise to configure and deploy and require more administrative effort. However, they can be upgraded and scaled.

A firewall appliance from Netscreen Technologies Inc., of Santa Clara, Calif., was the product of choice for Web Crossing Inc., a San Jose, Calif.-based provider of Web-based discussion software that handles over 65,000 concurrent TCP connections over 100BaseT connections. The company serves over 15 million pages per day at thousands of active Web Crossing sites, including Cnet.com, CNN.com, Lycos, NYTimes.com, , and Pathfinder.

A firewall appliance is configured to get better performance because it's designed for the application rather than taking an existing operating system and adding security, says Jeff Soule, systems administrator at Web Crossing. The company looked at both software and firewall appliances before making a purchase decision. However, according to Soule, We wouldn't be able to get the kind of speed we needed with a software firewall without purchasing expensive hardware. The company currently has eight Web servers in San Jose, Calif.

Product Costs

How do product costs compare? According to industry participants, the acquisition costs for a firewall are lower than the total cost of ownership (i.e., the people required to configure it and provide ongoing maintenance). Overall, however, costs are declining.

According to Axent, a 25-user license for its Raptor software firewall is $1,995, going as high as $24,000 for a full-blown product suite including unlimited VPN. Expect to pay an additional 18% of the product list price for 8-hour, 5-days a week maintenance and support or an additional 25% of the price tag for 24/7 maintenance.

CyberGuard, a vendor that first offered a software solution, will continue to do so, but is also introducing a complete line of firewall appliances; the company reports that its high-end appliance runs $21,000 list. By contrast, a copy of its firewall software costs about $18,000-$20,000. Expect to pay about $15,000 for a Unix server, adding up to $35,000-$40,000 in total. On top of the hardware/software costs, companies must also think about acquiring the expertise to configure, implement, and manage the firewall.

"Outsourcing firewall management is an attractive option for many companies. Not only do managed firewall service providers off-load a company's need to hire in-house expertise, but companies get 24/7 management, as well."

Doing business in an increasingly demanding and fast-paced business world has led many IT shops to the doors of service providers for a variety of contract work arrangements: application hosting, systems management, e-business management, and security. Outsourcing has, for many organizations, become a new way of taking care of the systems on which the organization relies. The reasons are many: An organization may be under time-to-market pressure; have insufficient IT resources for its projects, or suffering a lack of IT staff with those specific skills; or IT may not an organization's core competency.

For any or all of the above reasons, including total cost of ownership (TCO), outsourcing firewall management is an attractive option for many companies. Not only do managed firewall service providers off-load a company's need to hire in-house expertise, but companies get 24/7 management, as well.

Pch.com, the New York-based online division of Publishers Clearing House, which offers sweepstakes and shopping to users, knew it needed a firewall from the first day it went live last year. The company immediately looked for a provider of managed services. My main concern is service levels, says John Zerden, director of technology at pch.com.

The company signed a one-year contract with Digex Inc., of Beltsville, Md., for outsourced firewall management. For about $10,000 per month, or $100,000 per year, pch.com gets two top-of-the- line firewalls and managed 24/7 service for both. Pch.com gets millions of hits per day and in addition to getting around-the-clock coverage and technical expertise, Zerden notes that Digex has clout with the firewall vendors and can handle any issues quickly.

To get the same level of coverage I'm getting with Digex, I'd have to hire five certified firewall engineers at a cost of about $100,000 each, he says.

New Options

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Networking Update Newsletter