I am not going to get into a PIX vs. Checkpoint argument here ;)
(chuckle)............
but no way is checkpoint better then PIX when it comes to performance or
security....lol!!!
No just kidding, that is just my opinion (and the opinion of many lab tests
and firewall "wars")
Checkpoint is simply easier to configure for many ppl because of it's GUI.
Logging & manageability is better out of the box from what I have seen, but
when you start looking at the integrated IDS features of the pix, the
performance, statefull failover features, and how well it integrates with
your Netranger (now called Cisco Secure IDS?), PIX wins hands-down overall
for in integrated managed security environments, reporting and logging.
The thing I really don't like is that Cisco has as of yet refused to get the
PIX ICSA certified (and there are all kinds of arguments as to why) when
most all other vendors are.
I just had to stick up for the Cisco PIX with such a blatant "Checkpoint
is better" opinion thrown out there. O.K. Let the flames begin.
-----Original Message-----
From: Quek Chin Leong, Steven [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 02, 2001 3:11 AM
To: [EMAIL PROTECTED]
Subject: RE: What should I block???
Hmmm, I have opened up and configured PIX Firewall box.
Basically it is a motherboard with PCI card.
It is not a hardware firewall.
Personally in term of security, logging, performance and
manageability feature, CheckPoint is better off than PIX.
St
-----Original Message-----
From: First M. Last [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 02, 2001 12:14 AM
To: [EMAIL PROTECTED]
Subject: Re: What should I block???
PIX is wire-speed, hardware based! Checkpoint is based on the box you have
it installed, which could be better than PIX's box... agreed!, but it is
also software based.
CheckPoint does have an embedded hardware based box made by NOKIA, but that
market is not doing so well.
Khalid Khan
"John Neiberger" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I've got a better idea....get rid of the Checkpoint firewall and let the
PIX
> handle everything. :-) Seriously, the PIX is a lot beefier machine. I
> would reconsider your decision to let the Checkpoint handle the brunt of
the
> traffic. The PIX can handle far more traffic than the Checkpoint,
assuming
> you have a fairly new PIX and your checkpoint FW isn't a dual 1.5 GHz
> Pentium III with a gig of RAM.
>
> Then again, I may be wrong and your mileage may vary. I guess that I
can't
> really give you a definite answer without knowing more about your specific
> goals and network topology.
>
> > Hi Group,
> > I know that this is going to be very broad but just bare with me on
> this one. We are switching over our firewall router from a bay to a cisco.
> The cisco one that I am going to work on is already pre-configured except
> for access-lists and filters. What they basically told me is that the
> checkpoint device behind it will take care of all of the intense blocking
> and forwarding, but on this FW-router we just want to block the basic
things
> that are usually not allowed through.
> > Here's what I was hoping for. Just a basic list of things that are
> normally blocked on the router above the FW. For example, I know that I'm
> gonna set an inbound access-list denying telnet so that the checkpoint
> doesn't even have to worry about that. I am just looking for a list of
> services/ports/etc., that as a rule of thumb to you FW guru's, are usually
> denied. I know this is broad and I'll understand if I don't get much
> feedback. Gotta also find that whitepaper on FW's. Concidering this will
be
> my first time coming anywhere near a FW (FW Virgin) I'm a little nervous
and
> hope you guys can help out. Thanks all, =o)
> >
> > Mark Z...
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>
>
>
> _______________________________________________________
> Send a cool gift with your E-Card
> http://www.bluemountain.com/giftcenter/
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
