Sounds to me like you won't save much if any money in the long run. With all the other bits and pieces you need for the complete solution, you are probably better off keeping Checkpoint, and paying the high price.
Checkpoint is pricy, maybe a little too pricy, but it is pretty good from a functionality and ease of use perspective. Some people don't like it because of it's (relatively) poor vulnerability record. I am far from a PIX expert, but IMHO the PIX is quite a bare bones Firewall, and it un-necessarily makes something's a pain in the a$$ to configure. Symon -----Original Message----- From: eric nguyen [mailto:[EMAIL PROTECTED]] Sent: 11 December 2002 20:35 To: [EMAIL PROTECTED] Subject: RE: migration from CheckPoint to PIX firewall [7:58989] Thanks everyone for your advices and input. Checkpoint license, maintenance and support are very expensive. We also host web services in-house and based on my research and if I understand it correctly, Pix performance is excellent. On a similarly related topic, I am studying for my Cisco CSS-1 cert. I have a "franken" pix firewall running on a 350Mhz PII CPU with 512MB of RAM on a 16MB ISA flash. I know that Cisco Pix 525 is a PIII 700Mhz processor and it supports Gigabit interface. I would like to stress test the franken pix that I have in the lab to see how much web, smtp, ftp and streaming video it can handle. The OS it is using is 6.2(2) with PDM 2.1(1). My company is looking at purchasing at the Pix525. However, my boss asks for my opinion for this before purchasing the hardware. I know that the motherboard on the "franken" pix supports CPUs between 233Mhz and up to 850Mhz. Before rushing to the web and purchasing a P3 700Mhz CPU, I would like to know if anyone has successfully running the franken pix on a 700Mhz or higher CPU. I actually tried it with a 550Mhz slot 1 CPU and the franken pix did actually work for about 30 minutes before locking up due to no CPU fan. Will it work with a 700Mhz CPU? Thanks. Eric Justin Menga wrote:Hi, A) No B) No Work arounds are to do this on a separate Cisco router - e.g. Border router perhaps. Cisco routers have good QoS, and also have a rotary NAT feature that load balances incoming packets sent to a global IP to multiple private Ips. This feature however is very simple and is nowhere near the capabilities of HTTP load balancing on Check Point (NG at least). There is also a server load balancing feature in some Cisco routers, not familiar with this though. I'd say keep the Check Point - why are you pushing it out? Maintenance expired? Regards, Justin -----Original Message----- From: eric nguyen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 3:38 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: OT: migration from CheckPoint to PIX firewall My company is looking to migrate from CheckPoint over to Pix Firewall in the next couple of months and I have been assigned to this project. I have questions about Pix firewalls. We are a small company, less than 50 people. a) Does pix firewall support QOS, traffic shaping or traffic prioritization? The checkpoint firewall we are using has a feature called "flood-gate" that can prioritize both inbound and outbound traffic. We would like to have this feature in Pix firewall as well. b) Does pix support http load balancing? Checkpoint has a feature that supports http load-balancing for inbound traffic. We need this feature to load balance our web servers. I would like to have this feature in pix as well. We don't have the budget for dedicated load-balancer such as Cisco CSS. Open freeware is out of the question, will not fly pass management. Can pix do those things above without additional hardware? Regards, Eric --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now ============================================= This email has been content filtered and subject to spam filtering. If you consider this email is unsolicited please forward the email to [EMAIL PROTECTED] and request that the sender's domain be blocked from sending any further emails. ============================================= Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59085&t=58989 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
