Where I work we have two PIX Firewalls (520), one strictly for Internet
usage (e-commerce), the other for corporate Internet access + Extranets.
When I went to PIX training, everyone there had already worked with
Checkpoint Firewalls, and so I heard some good feedback in regards to
comparisons.
My experience with the PIX (520) has been totally positive given our
configurations. The hardware is easy .. it's an ATX style PC with a Pentium
II/III CPU. I would have to say, logically, the PIX would perform faster
since there is no hard drive. Everything is in RAM (like a solid state
system). Checkpoint runs on top of NT or Solaris, so there may be more
overhead. However, the PIX is really a Layer 3 Firewall, although you can
load the PFSS NT service on a server and manually enter URLs to block. To
go further than that, you need to run Websense, which is a package that the
PIX talks directly to (on an NT or Solaris box) and you create Groups and
based on those groups, users will be allowed/blocked from visitin certain
web sites. Very similar to MS Proxy Server's group security. We are
running it here at work (5000+ hosts), but I think that the extra overhead
of Websense may have an impact on overall performance (suddenly your super
fast PIX box isn't so super fast, it's the same as any other due to the
Websense bottleneck)..
As for Checkpoint, it goes far beyond layer 3. Most people in my PIX class
seemed to like Nokia's version of Checkpoint in a FreeBSD box rather than
the NT version of Checkpoint. Beyond that I cannot say much..
Regards,
Mark Holloway
"Imran Obaidullah M" <[EMAIL PROTECTED]> wrote in message
F149A24C5121D211A9710004AC4419C801B4BAF5@RSINTS002">news:F149A24C5121D211A9710004AC4419C801B4BAF5@RSINTS002...
> Hi friends,
>
> I have few basic questions,
>
> 1. If I can implement NAT and Access policy on normal router which has 2
> ethernet interfaces then how PIX improves the perfomance as an dedicated
> Firewall(If Iam not implemeting VPN).
>
> 2 Which is the best firewall and more reliable. What are the perfomance
> difference between the PIX and CheckPoint.
>
> Please send me the details
>
> Thanks
>
> imran
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
