I work
with both Checkpoint and NS and as noted, each product has its strengths and
weaknesses. Personally, I prefer the NetScreen for stability,
simplicity, and for the fact that it doesn't make assumptions about my VPN
proposals that I didn't tell it to make. In addition I'll admit
having a distinct bias against any FW that needs a popular OS (hardened or
otherwise) underneath it.
But I
have to say that the flexibility of the Checkpoint product, most notably having
the ability to tweak the living daylights out of your policies *offline* out of
the box, and having the ability to have multiple policies floating
about, is a strong plus on their side. I think to get the kind of
flexibility Checkpoint offers on the NS platform, you have to get into NS Global
Manager (or whatever they're calling it these days) and that means shelling out
a lot more than just the cost of procuring and installing the
box.
I
think the bottom line for me is that a NetScreen is a great set-it-and-forget-it
device. If you have a more dynamic environment Checkpoint may be the
better solution. Or, as it probably occurs in real life, the same
organization may do best with a Checkpoint in one place and an NS in
another.
Dang,
now I have to have both or I'll feel deprived :)
-----Original Message-----
From: Christopher Gripp [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 1:25 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Checkpoint vs. Netscreen
From: Christopher Gripp [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 1:25 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Checkpoint vs. Netscreen
As a LAN 2 LAN VPN appliance goes the NS is MUCH better than the Checkpoint. For software clients the CP Securemote is better than the IRE client that Netscreen uses.We deploy and manage both and they each have their strengths and weaknesses but the above mentioned are probably the biggest in my mind.
Christopher Gripp
Systems Engineer
Axcelerant
"Impartiality is a pompous name for indifference, which is an elegant name for ignorance." G.K. Chesterton-----Original Message-----
From: Faris, Craig [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 12:41 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] Checkpoint vs. NetscreenWe currently own Checkpoint VPN-1 on NT (256 user version). I now have 3 (20-60 user) branch offices behind this firewall and need to upgrade to Enterprise. We have about 100 internal users who browse the Web and I have 2 small VPN based (2-3 user) remote offices using DSL. We are located in Ontario, Canada. Quotes I have been getting are in the $13,500-$14,500CDN (9000-9600USD approx.) for the upgrade and I will go from $2500/year (cdn) for software subscription to $5000/year (cdn).Total Today = $18500I am having trouble justifying this cost and I am considering buying a Netscreen-25 (approx $5250MSRP cdn (one time) + $900/year) or Netscreen-50 (approx $8900cdn one time) + 1950/year.)Total to Replace Today = $10850Does anyone have any input on the Netscreen vs Checkpoint? Thanks in advance.
