Has anyone deployed Sourcefire, in particular the Cisco FirePOWER on the ASA-X platform? If so, how was it? Also, how is Sourcefire compared to plain old SNORT or other IDS?
We are looking at that product right now. I'll let you know when we have our test results completed.
Would be nice to see a review... We have been thinking of going that way... But unsure if it might be too early.
Well, we pointed a Spirent at it, full blast, and it started puking packets. Looks like we'll need to do some tuning for further testing...
For the record, the Palo Alto also puked in roughly the same fashion at the same time into the test. The Fortinet guy couldn't get his gear set up properly and the Stonesoft died at much lower transmit rates than what blew up the Sourcefire and the Palo. Those are the four we're testing.
Quote from: deanwebb on February 05, 2015, 07:41:56 PM
Well, we pointed a Spirent at it, full blast, and it started puking packets. Looks like we'll need to do some tuning for further testing...
For the record, the Palo Alto also puked in roughly the same fashion at the same time into the test. The Fortinet guy couldn't get his gear set up properly and the Stonesoft died at much lower transmit rates than what blew up the Sourcefire and the Palo. Those are the four we're testing.
A common design within the DC would be to place something like an F5 that acts as a stateless FW that can handle the traffic, then behind it put either internal FW and/or IDS/IPS. You also get TLS offload that way, which is a requirement for the IDS anyway.
True, but we want to see what these guys could take all on their own, since they're advertised as a one-box solution.