The PIX Firewall is one of the worst possible VPN
choices for large enterprise customers The product is
clearly deficient in ease of use and centralized
management, attributes which are key requirements for
large, scalable VPN solutions. Configuration of
multiple PIX v5.x devices requires separate telnet
connections to each device because the Cisco multi-PIX
management tool, Cisco Secure Policy Manager,
currently supports PIX 4.x only. The alternative to
the command line interface (CLI) is the PIX Firewall
Manager (PFM), which is merely a browser based tool
for conducting the telnet session. The PFM however,
only supports a subset of firewall configuration
options and no VPN configuration capabilities.
Therefore some firewall functions, and all VPN tunnel
configurations, must be set using the CLI. This is an
awkward and error-prone approach. Using the CLI to
establish VPNs requires drafting complicated
�cryptomaps� among gateways. PIX also lacks object
definition, so security policies and VPN connections
must be configured using IP addresses.
Key Differentiators
-Centralized Policy-Based Management: A single,
enterprise-wide security policy is defined and
automatically distributed to multiple enforcement
points.
-Standards Compliant Architecture: VPN-1 provides VPN
connectivity that bears the IPSec product
certification of the ICSA.
-Scalability and Interoperability: Simultaneous
support for multiple PKIs delivers industry-leading
scalable key management for VPN-1
-Cost Effective VPN Solutions: With a choice of
deployment platforms, VPN-1 networks will scale while
delivering robust security to enterprises of any size
as well as managed service providers.
-Proven Leadership: Dedicated VPN hardware market
leader
Hope that helps...let me get off my soapbox now.
Rick
--- Kindermann Timo <[EMAIL PROTECTED]>
wrote:
>
> Hi,
> I think there are a lot of differences:
> Pix is pretty fast (should make 100Mbit/s without
> any problems) but quiet stupid. We use pix as Paket
> Filter
> instead of a screening router. You cannot do any
> sensful Client authentication, loadbalancing on http
> Servers
> or filter SMTP traffic with the pix. Maximum of
> interfaces is 6 Fast Ethernet. I think pix is good
> for doing
> simple Paket-Filtering.
> Timo
>
> -----Urspr�ngliche Nachricht-----
> Von: [EMAIL PROTECTED]
>
[mailto:[EMAIL PROTECTED]]
> Gesendet am: Donnerstag, 18. Mai 2000 10:48
> An: [EMAIL PROTECTED]
> Betreff: [FW1] Comparing Cisco Pix and Nokia
>
>
>
>
> Has someone a comparison study between Cisco Pix and
> Nokia, since I have to
> provide an h/w firewall solution, the initial choice
> is towards Cisco 520 (and
> do not know the corresponding Nokia one).
> Some of the doubts I have:
> Do both offer the enterprise solution==> One
> management from which i run more
> firewall module
> Opsec fetures supported by both
> Sinthetic difference table
> Major issues and pros of each.
>
> Thanks in advace to every contribution to it.
>
> Piero
>
>
>
>
>
================================================================================
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
================================================================================
>
>
>
================================================================================
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
================================================================================
>
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
