Firewall Lifecycle

Started by Mark, August 26, 2013, 10:37:28 AM

Mark

With the ever-changing landscape, etc... How often do you replace your (working) firewalls?

I was thinking 5 years because of technology changes, etc.

Thoughts?
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Hans Manhave

I know you don't use Sonicwalls, but I'm on year 4 of the 5.  The firmware of the Sonicwall TZ's is being upgraded regularly, but the speed of a new one will probably be noticeable after 5 years.  Just so happens that after the three years were over, there was only a two year continuation offer.  I think there could be some conversation regarding this still on this board.
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Mark

I was thinking speed and features as the best reasons to replace.

Jeff Zylstra

I may be wrong about this, but I look at firewalls as just a processor running a Linux OS and applications to screen traffic.  There is no hard disk, data bus or graphics display to go obsolete or slow things down.  At least I look at SonicWall that way.  Your Cisco or other firewall(s) may be more complicated, but SonicWall seems to put out just a basic and advanced firewall application that runs on just about all of their "TZ" family of products that I use and probably most of their products.

That said, what SonicWall does affects my decision the most.  What kind of upgrade deals they offer, whether they keep supporting their content filtering and/or gateway A/V, etc.  If I don't see heavy processor loads or see real-world slowdowns or have many/any lockups, I just let it run since their nearly universal software/firmware updates take care of the threats.

Unlike Windows software, I haven't seen Linux operating systems or applications grow fast enough to choke the life out of a system.  I still say that M$ is in cahoots with Intel and system makers to force system upgrades by bloating the OS. 

Anyone seen my black helicopter?  I think it's disappeared!   ;)
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Hi Jeff,

You are sorta right -- nothing I can really argue.  You did point out one core (or is it two cores?) piece of hardware though: the processor.

My 5 year old firewall running current software is similar to a server or computer of the same age running current software.  The newer the software, presumably the more resources it may need.  CPU, RAM, backplane speed (though my ASA has a gigabit backplane).  Also, I have a USB stick hanging off my firewall because there was not enough Flash storage for some things I needed to do for updates, etc.

I think I'll do a feature comparison of what's out there now to better guide my decision.  I'm wondering if all the new software even gets written for the older appliances.

Just wondering what the best practice for firewall life cycle management might be.  I originally believed it to be five years, and that's where I'm at right now, so that is what prompted this question. My firewall is currently in good shape.