I work in an environment where I have to be familiar with Cisco Pix, Checkpoint on Nokia and Juniper Firewall and I agree that Checkpoint wins hand-down in terms of centralize management. Checkpoint TAC support, is another matter. Juniper SSL VPN is much better product than Checkpoint Connectra. We are going to deploy Juniper SSL VPN soon in my new job and so far I am very happy with Juniper SSL VPN. Juniper TAC support is much better than Checkpoint TAC. F5 FirePass is also a very good product but TAC support is just as bad as checkpoint That's my 2c
Justin Ross <[EMAIL PROTECTED]> wrote: Just thought I would weigh on this. I helped support 600+ VPN's on Junipers for the DOD, and currently managing 200+ VPN's on a Checkpoint (R65). I have to say that it is easier to manage Checkpoint VPN's and troubleshoot them, especially in our environment where we have an exorbitant amount of NAT's and firewall rules. The Juniper's central management sucked, in my opinion, to the point where we would have to manually create the device configs by hand, and then use NSM to push. Supporting the Juniper was a lot like supporting Cisco devices, in that you have to search text files or output, hunting and searching for the configs for certain VPN's, NAT's, and rules effected by an issue. You can forget about using the web GUI for any troubleshooting or log monitoring unless you are a very small shop. Troubleshooting the VPN's took a lot longer (in my opinion) because the logging/management features are not as good as Checkpoint, I'm not sure anyone would argue that (including Juniper). Having such a large environment of Juniper VPN's (pretty much every device and configuration and version of ScreenOS Juniper makes) I ran into a lot of bugs, including anomalous VPN failures that were only resolved by rebooting the clustered devices, and strange VPN failures (key exchange) which was only solved by reloads, or solved by having updated patched version of the ScreenOS sent to us in emergency situations. Other's mileage may vary, but in my opinion Checkpoint VPN's win hands down just for ease of support and administration if nothing else. I'm not a netscreen "hater" by any means, and I would take Netscreen over Pix or ASA any day... But it just can't compare to Checkpoint. Just my 2 cents, Justin Ross -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Alan Choyna Sent: Thursday, October 18, 2007 2:46 PM To: [email protected] Subject: [FW-1] Checkpoint VPN over SSL vs Juniper Hey Guru's, l don't want a flame contest or anything here, but am wondering which is the better VPN over SSL solution, Checkpoint or Juniper? We have checkpoint appliances so am wonder if checkpoints solution are more integrated, and basically whether it holds a candle to Juniper? Juniper is the market leader, so they must be doing something right, but l want to know from you guru's who may have played with them both which is better. We have a mix of users (Windows, Mac, Linux) in case that matters, and should only have up to 50 concurrent sessions. Thanks in advance, Al ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
