Can of worms is right... I have worked with both Pix and FW-1 (NT not Nokia)
and in that sense better is a very subjective term. The Firewall 1 is by far
easier for someone who is not intimately familiar with TCP/IP to manage, but
the logging facilities and log viewer (4.0 SP7) were slow and about
worthless. The Pix will log to Syslog (Unix or NT) and can then be imported
into a SQL or Access database for further investigation; this is not
possible with the version of FW-1 I am familiar with. Webtrends does make a
nice reporting tool that can be purchased for FW-1 and there is Private Eye
for the Pix, both of which are nice additions for trend analysis, but cost
extra money. For this reason I prefer the Pix, although the FW-1 is usually
the less expensive option. The other question is, do you have a compelling
reason to upgrade? If not I recommend against it, as changing your firewall
requires a lot of rulebase tuning and could be a time-consuming and
error-prone process (depending on the complexity of your environment, i.e.
how many internet services you offer). On top of that there is not a tool
AFAIK that will port your FW-1 rulebase file to Conduit/Static statements
for the Pix. I
think a better question would be, "Which firewall is better suited to my
environment?". And then of course a little information about your internet
connection speed, number/type of services offered to internet/LAN from DMZ,
and your overall design goals would allow us to better theorize which would
best suit your needs. In my opinion, stick to what you know for your
production environment and save the new stuff for the Lab where it can be
thoroughly learned and tested prior to implementation.
Ken Claussen MCSE CCNA CCA
[EMAIL PROTECTED]
"The Mind is a Terrible thing to Waste!"
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steve Kent
Sent: Friday, March 30, 2001 4:13 PM
To: Timothy K. Cornelius
Cc: [EMAIL PROTECTED]
Subject: Re: which firewall is better
You have just opened a can of worms - they are both good - each has a
different way of doing things though. My experience is that the FW-1/Nokia
works great for Internet traffic but bogs down when you are firewalling
between LANs or any high bandwidth connections. FW-1 is certainly easier
to manage and track logs with than a PIX.
JMHO - sjk
On Fri, 30 Mar 2001, Timothy K. Cornelius wrote:
>
>
> We are currently running CheckPoint FW-1 on a Nokia 440. My boss wants to
> replace it with a Cisco Pix firewall.
> My question is which is the better firewall and why. I need a reason to keep
> the current firewall. I personally like the FW-1, but I am also certified in
> it too.
>
> any help is greatly appreciated
>
> Timothy K Cornelius
> Systems/Network Administrator
> LIFE Outreach International
> 817-267-4211 ext. 463
>
> when you call the office number
> it will roll over to my cell
> phone after a few rings
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
_____________________________________
Steven Kent
Senior Consultant
onShore, Inc. -- Network Engineering Group
312.850.5200