Gee, I hope that your company doesn't lose any Cisco reseller status levels or Cisco specializations because you got the qualified people fired...
That can cost them $$$. My .02c is that you are God's gift to Linux and all other OS's stink in your opinion. ;) Now that I've started a flame war... Oops! Part of being a successful network engineer and a good team player is to help out all the other engineers in the areas that they are weak in. Are you capable of handling all of the R/S items that come up without the CCIE's on staff? Raymond -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of adrian jones Sent: Monday, December 09, 2002 3:17 PM To: elping; Louis Young; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: Chuck Church; Security Subject: Re: Hello (long response) Elping, Please do NOT make any statements regarding CheckPoint Firewall without knowing all the facts. I've been working with both Checkpoint and Pix firewalls. I even build a few "franken" pix firewalls so that I can learn as much as I can about Cisco Pix firewalls. The "franken" pix firewall actually help me landed my current job that pays 100k/year. Both CheckPoint and Pix firewalls have its strength and weaknesses. I agree that Cisco TAC is much superior than CheckPoint support. The "no text configuration" that you refer to in CheckPoint, you must be refered to running CheckPoint on Winblows platforms. NEVER RUN FIREWALL ON A GENERAL PURPOSE OPERATING SYSTEM. If you worry about cost, check out CheckPoint SecurePlatform. If you are "unix" literate, does the term "tcpdump" mean anything to you? That's how you troubleshoot my friend. Now if you are talking about cost, Cisco Pix will beat CheckPoint by a long shot in term of performance for your $. However, for a small/medium business, Checkpoint does come with a lot of features such as URL filtering (native), http load balancing, etc which Pix doesn't have (without 3rd party products). For enterprise environment, CheckPoint does come with ClusterXL (aka, load-sharing or Active/Active Firewall), which again, Pix doesn't support. Last but not least, CheckPoint does have a very nice Management piece called "provider-1" that Cisco Pix doesn't have. I do have to say that the price for CP products is totally "outrageous"; however, CP is a good product. In terms of hardware product, you can run CheckPoint on Nokia Platforms which is very stable and proven product. New version of Nokia firewalls do come with Flash instead of hard-drive so that the reliability is very high. Nokia is a big partner with CP. You can get CP support if you purchase Nokia firewalls from Nokia. Nokia TAC is just as good as Cisco TAC. I've completed my first week at my new job as a Security Engineer and I am amazed at the # of Cisco Certified folks at my company that are completely incompetent and downright clueless at what they can do. We are a consulting company and being in the consulting business, you are forced to know pretty much about everything. I have a couple of CCIEs in the office came to me and ask me how to restart sendmail and postfix (we are a linux shop) in linux. Another CCIE asked me how to use "nmap" in unix. The last one is down right funny, one CCIE asked how to start Apache in Solaris. It just seems to me like R&S are all they know and nothing else. We also do R&S here but at these times, demands for those have not been that great. Therefore, we have to branch into other things such as Security (PIX, CheckPoint, Wireless, IDS, etc...) I brought these issues to my boss attention last wednesday and on thursay he ordered me to 'clean' house. The first thing I did was to send "pink" slips to all 4 CCIEs in the group and told them that they are fired because they don't know anything other than R&S. They were making $130k/year and sucking almost all of our budget. My advice to everyone out there is to keeping learning other things in addition to the R&S. The market for CCIEs is not as good as it used to be. You better know other things especially Unix and Firewalls than just merely R&S. There will be lot of good peopel competing for the same jobs and the only way you can show the potential employers that you are better than the other guy is by showing them that you know other things not just R&S. Just my .02c. Adrian elping wrote: I work with the checpoint firewall ...and let me tell you they are gui based and very easy to coinfigure...but do they suck.....ther is no text configuration . the debugging sucks...and most of the times i have called checpoint for support ..i have done everything by the book...and they suggest reboot ....sucks .. 98 perfecnt of the time they suggest to stop the engine and restart it .. anyways i think anything that has a hardrive sucks ... i predict they (checkpoint) will die soon if they do not come out with a hardware product....... Louis Young wrote: > if the topic of security comes,not actually only one vendor of cisco > systems,there are many other options. netscreen,checkpoint,etc. why > stick with cisco,just coz it is stronger?I don't think so :) > > ----- Original Message ----- > From: "Chuck Church" > To: "Louis Young" ; "Security" > Sent: Sunday, December 08, 2002 11:22 PM > Subject: Re: Hello > > > Couple reasons actually. I've worked with PIXs and VPN in the past, > > and would like to really become stronger in the technology, > > especially the IDS and AAA stuff. The R&S hasn't been the 'pot of > > gold' that it once was, so I'm still under-employed (only working > > part time) currently. So between wanting to further my skills and > > having the available time to do it, here I am! > > > > Thanks, > > > > Chuck Church > > CCIE #8776, MCNE, MCSE > > > > > > ----- Original Message ----- > > From: "Louis Young" > > To: "Chuck Church" ; "Security" > > > > Sent: Sunday, December 08, 2002 9:53 AM > > Subject: Re: Hello > > > > > > > Hi,having seen your active behavior in R/S list for a long time :) > > > why think about security? > > > > > > > > > > > > Regards, > > > Louis > > > > > > ----- Original Message ----- > > > From: "Chuck Church" > > > To: "Security" > > > Sent: Sunday, December 08, 2002 12:17 PM > > > Subject: Hello > > > > > > > > > > All, > > > > > > > > I just thought I'd introduce myself. I'm thinking pretty hard > > > > about going for the CCIE Security. My current CCIE is R&S. > > > > Haven't seen any messages since I joined yesterday, just > > > > wondering if there's many people > > on > > > > this list. > > > > > > > > Thanks, > > > > > > > > Chuck Church > > > > CCIE #8776, MCNE, MCSE --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58836&t=58836 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
