Wow, spoken like a true person who believes they know a lot more than they really do!
Elping's assessment of CheckPoint is pretty much right on there. And your response to it shows many things, including your areas of weakness beyond the marketing fluff that Checkpoint likes everyone to believe. You concede about the support though, which there's no arguing against! Shifting your point from "God Save CheckPoint" to "CCIE's aren't all that" isn't necessarily a bright thing to do in a Cisco mailing list. (WHY are you here again?) I'm happy you know how to do the nmap utility and it's features. I don't memorize that, nor would I care to. Perhaps your CCIE's were looking to gain your "valuable" insight on running that. Being a CCIE does not mean that you know everything. It means you can solve some complex problems, and have experience on Cisco gear. Solving problems may mean referencing the right people/items to solve a problem. Shame on them for looking to you for assistance only to get stabbed in the back by it. As a side note, you mention working for a Linux shop and being amazed by the CCIE's lack of knowledge. I assume they weren't hired for their unix-specific knowledge. How much do you know about OSPF in detail? Would you need to ask anyone for help (remember, they may fire you later because you were incompetent)? Many unix folks I know can modify the kernel to levels far beyond what I have ever cared to know, but they can't subnet to save their lives? So your four CCIEs at $130k a year were sucking your budget dry, but you at $100k a year weren't? That's pretty selective budgeting! So I'll turn your initial statement back towards yourself... Until you really know what you're talking about, do NOT make any statements regarding Cisco, CCIEs or the PIX vs. Checkpoint without knowing all the facts. It is pretty obvious that your focus (and thought-process) is single-threaded and limited in nature. Worse, you have wasted my time and bandwidth with this message. *sigh* Scott PS. Unix is a "general purpose operating system" as well. :) And Nokia is routinely 2-3 months behind in updates due to testing it's software configurations with its hardware. -----Original Message----- --- adrian jones wrote: > Elping, > Please do NOT make any statements regarding > CheckPoint Firewall without > knowing all the facts. I've been working with both > Checkpoint and Pix firewalls. I > even build a few "franken" pix firewalls so that I > can learn as much as I can about > Cisco Pix firewalls. The "franken" pix firewall > actually help me landed my current job > that pays 100k/year. Both CheckPoint and Pix > firewalls have its strength and > weaknesses. I agree that Cisco TAC is much superior > than CheckPoint support. > The "no text configuration" that you refer to in > CheckPoint, you must be refered to > running CheckPoint on Winblows platforms. NEVER RUN > FIREWALL ON A > GENERAL PURPOSE OPERATING SYSTEM. If you worry > about cost, check out > CheckPoint SecurePlatform. If you are "unix" > literate, does the term "tcpdump" > mean anything to you? That's how you troubleshoot > my friend. > Now if you are talking about cost, Cisco Pix will > beat CheckPoint by a long shot in > term of performance for your $. However, for a > small/medium business, Checkpoint > does come with a lot of features such as URL > filtering (native), http load balancing, > etc which Pix doesn't have (without 3rd party > products). For enterprise environment, > CheckPoint does come with ClusterXL (aka, > load-sharing or Active/Active Firewall), > which again, Pix doesn't support. Last but not > least, CheckPoint does have > a very nice Management piece called "provider-1" > that Cisco Pix doesn't have. > I do have to say that the price for CP products is > totally "outrageous"; however, CP > is a good product. > In terms of hardware product, you can run CheckPoint > on Nokia Platforms which is > very stable and proven product. New version of > Nokia firewalls do come with > Flash instead of hard-drive so that the reliability > is very high. Nokia is a big partner > with CP. You can get CP support if you purchase > Nokia firewalls from Nokia. Nokia > TAC is just as good as Cisco TAC. > I've completed my first week at my new job as a > Security Engineer and I am amazed > at the # of Cisco Certified folks at my company that > are completely incompetent and > downright clueless at what they can do. We are a > consulting company and being in > the consulting business, you are forced to know > pretty much about everything. > I have a couple of CCIEs in the office came to me > and ask me how to restart > sendmail and postfix (we are a linux shop) in linux. > Another CCIE asked me how to > use "nmap" in unix. The last one is down right > funny, one CCIE asked how to start > Apache in Solaris. It just seems to me like R&S are > all they know and nothing else. > We also do R&S here but at these times, demands for > those have not been that > great. Therefore, we have to branch into other > things such as Security (PIX, > CheckPoint, Wireless, IDS, etc...) > I brought these issues to my boss attention last > wednesday and on thursay he > > ordered me to 'clean' house. The first thing I did > was to send "pink" slips to all > > 4 CCIEs in the group and told them that they are > fired because they don't know > > anything other than R&S. They were making > $130k/year and sucking almost all of > > our budget. > > My advice to everyone out there is to keeping > learning other things in addition to > > the R&S. The market for CCIEs is not as good as it > used to be. You better know > > other things especially Unix and Firewalls than just > merely R&S. There will be lot > > of good peopel competing for the same jobs and the > only way you can show the > > potential employers that you are better than the > other guy is by showing them that > > you know other things not just R&S. > > Just my .02c. > > Adrian > > > > elping wrote: > I work with the checpoint firewall ...and let me > tell you they are gui based and very > easy to coinfigure...but do they suck.....ther is no > text configuration . the debugging > sucks...and most of the times i have called > checpoint for support ..i have done everything by > the book...and > they suggest reboot ....sucks .. > > 98 perfecnt of the time they suggest to stop the > engine and restart it .. > anyways i think anything that has a hardrive sucks > ... > > > i predict they (checkpoint) will die soon if they do > not come out with a hardware product....... > > > > Louis Young wrote: > > > if the topic of security comes,not actually only > one vendor of cisco systems,there are many other > options. > > netscreen,checkpoint,etc. > > why stick with cisco,just coz it is stronger?I > don't think so :) > > > > ----- Original Message ----- > > From: "Chuck Church" > > To: "Louis Young" ; "Security" > > Sent: Sunday, December 08, 2002 11:22 PM > > Subject: Re: Hello > > > > > Couple reasons actually. I've worked with PIXs > and VPN in the past, and > > > would like to really become stronger in the > technology, especially the IDS > > > and AAA stuff. The R&S hasn't been the 'pot of > gold' that it once was, so > > > I'm still under-employed (only working part > time) currently. So between > > > wanting to further my skills and having the > available time to do it, here I > > > am! > > > > > > Thanks, > > > > > > Chuck Church > > > CCIE #8776, MCNE, MCSE > > > > > > > > > ----- Original Message ----- > > > From: "Louis Young" > > > To: "Chuck Church" ; "Security" > > > > > > Sent: Sunday, December 08, 2002 9:53 AM > > > Subject: Re: Hello > > > > > > > > > > Hi,having seen your active behavior in R/S > list for a long time :) > > > > why think about security? > > > > > > > > > > > > > > > > Regards, > > > > Louis > > > > > > > > ----- Original Message ----- > > > > From: "Chuck Church" > > > > To: "Security" > > > > Sent: Sunday, December 08, 2002 12:17 PM > > > > Subject: Hello > > > > > > > > > > > > > All, > > > > > > > > > > I just thought I'd introduce myself. I'm > thinking pretty hard about > > > > > going for the CCIE Security. My current CCIE > is R&S. Haven't seen any > > > > > messages since I joined yesterday, just > wondering if there's many people > > > on > > > > > this list. > > > > > > > > > > Thanks, > > > > > > > > > > Chuck Church > > > > > CCIE #8776, MCNE, MCSE > > === message truncated === __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59244&t=59244 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
