Well, Let me talk about this one. First of all the GUI on the Checkpoint
is great but you still have to know what services and objects you want to
give or deny access too. I have to tell you that even an ACL is more
flexible than a Checkpoint rule. With that said the checkpoint product is
very good at what it does, but VPN is not the most fun and requires a great
effort to get folks talking with the network behind it.
The fact that Checkpoint resides on an NT or Sun box, Nokia also but that is
another story all together, leaves us to believe that the OS is the
weakness, well that is true. Both the NT and Unix OS's need to be hardened
before you have a secure environment. In addition you have to be able to
scale properly, this means you have got to have a Platform that can handle
the traffic, in Sun's case we spend a lot of money to have powerful enough
machines to run Checkpoint. Dont forget the cost of the harware platform.
Licensing, well basically Checkpoint sucks, It has taken us at times 3
months to get a permanent license after purchasing it. I don't want to go
any further on that because I will rant and rave about the lack of service
all day long. As far as annual costs, well you got it, every years you get
to pay for it, there are no upgrades only purchase of the new rev, also the
service is way more expensive than the PIX service..
Let me be honest, the checkpoint product works very well, but the problems
with service , licensing and throughput has us ordering the PIX 525. You
can also use the Cisco Secure Management software to update your sites, I
hear it works well.
ML
"Chuck Larrieu" <[EMAIL PROTECTED]> wrote in message
009701c0571f$87c1c680$[EMAIL PROTECTED]">news:009701c0571f$87c1c680$[EMAIL PROTECTED]...
> I have heard both Cisco and Checkpoint sales engineers ( not in the same
> room at the same time ) agree to the following points:
>
> 1) Checkpoint management ( GUI ) is FAR superior to anything Cisco has.
> 2) PIX is FAR superior in terms of throughput
> 3) Everything else the vendors say are subject to interpretation and
> prejudice
>
> Checkpoint management superiority shows itself in situations where you
have
> multiple firewalls and multiple security domains, where policy requires
> constant updating, etc. PIX is just fine in situations where are limited
> number of firewalls, and/or limited policy change, so command line
> configuration is not so overwhelming.
>
> I have also heard ( but do not know for a fact ) that at this time,
> Checkpoint VPN-1 client side software is the most stable on the market for
> client PC secure VPN tunnels. My source was my DE, who tells me that she
has
> derived several VPN designs around the Checkpoint/Nokia product. The
> feedback from the field, she tells me, is that there are fewer issues with
> Checkpoint than with Cisco Secure Client and the VPNet client. This too
may
> be one of perception. I have not read any industry comparison tests.
>
> In the end, one should begin with a clear and written security policy, and
> then choose based upon which vendor satisfies the precepts of that policy.
>
> Chuck
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Jason Roysdon
> Sent: Saturday, November 25, 2000 11:58 AM
> To: [EMAIL PROTECTED]
> Subject: Re: comparison between checkpoint firewall-1 and cisco pix 525
>
> Correct me if I'm wrong, but one of the key differences is that Checkpoint
> requires a "subscription" fee every year or so.
>
> The biggest selling point I give to customers is that Firewall-1 runs on
top
> of Unix or NT, and use good ol' FUD regarding OS that aren't that secure
to
> begin with, vs. the PIX has a completely hardened/customized OS.
>
> Best suggestion would be to hit both vendors' sites and see what they have
> to say.
>
> --
> Jason Roysdon, CCNA, MCSE, CNA, Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
> Cisco resources: http://r2cisco.artoo.net/
>
>
> ""D'souza Agnelo"" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi,
> > Can anyone give me comparisons between checkpoint
> > firewall-1 and cisco pix 525.
> >
> >
> > Agn
>
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
