On 24 May 2000, Jose Rojo wrote:
>
> Hello all.
>
> Which is the best firewall between Checkpoint�s Firewall-1 and Cisco PIX 520 ?
> and why ?
Well let's see, you asked the Firewall-1 list, so I assume you're
expecting people to say PIX is better. :) Honestly, I've looked at both
and have talked to Cisco extensively about their PIX product. Cisco will
tell you straight up (at least they told me) that their product is about a
generation behind Checkpoint. With Firewall-1 2000, it's probably closer
to two generations behind in my opinion.
PIX is basically a NAT box that Cisco then added "firewalling"
capabilities too, while Firewall-1 was designed from the beginning to be a
firewall. The Firewall-1 GUI is much better than PIX in most people's
opinion, and Firewall-1 has significantly more/better 3rd party support
and the ability to add some really nice modules (bandwidth management, IP
management, anti-virus, etc).
> Which is more secure and fast ?
Both lately have had their fair share of "vulnerabilities". Last I heard
though Cisco still hasn't fixed a rather serious DOS attack in the PIX,
while I'm not aware of any outstanding bugs in Checkpoint that don't have
a work around.
VPN on Checkpoint is faster and is capable of more throughput (especially
with the VPN Accellerator card).
Which is king of throughput is dependant on which PIX you buy and what
hardware/OS you run Checkpoint on.
For Firewall-1:
NT < Solaris < Linux
where each OS is about 30% faster than the previous.
--
Aaron Turner [EMAIL PROTECTED] 650.237.0300 x252
Security Engineer Vicinity Corp.
Cell: 408-314-9874 http://www.vicinity.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
