Hmmm, I have opened up and configured PIX Firewall box.
Basically it is a motherboard with PCI card.
It is not a hardware firewall.
Personally in term of security, logging, performance and
manageability feature, CheckPoint is better off than PIX.
St
-----Original Message-----
From: First M. Last [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 02, 2001 12:14 AM
To: [EMAIL PROTECTED]
Subject: Re: What should I block???
PIX is wire-speed, hardware based! Checkpoint is based on the box you have
it installed, which could be better than PIX's box... agreed!, but it is
also software based.
CheckPoint does have an embedded hardware based box made by NOKIA, but that
market is not doing so well.
Khalid Khan
"John Neiberger" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I've got a better idea....get rid of the Checkpoint firewall and let the
PIX
> handle everything. :-) Seriously, the PIX is a lot beefier machine. I
> would reconsider your decision to let the Checkpoint handle the brunt of
the
> traffic. The PIX can handle far more traffic than the Checkpoint,
assuming
> you have a fairly new PIX and your checkpoint FW isn't a dual 1.5 GHz
> Pentium III with a gig of RAM.
>
> Then again, I may be wrong and your mileage may vary. I guess that I
can't
> really give you a definite answer without knowing more about your specific
> goals and network topology.
>
> > Hi Group,
> > I know that this is going to be very broad but just bare with me on
> this one. We are switching over our firewall router from a bay to a cisco.
> The cisco one that I am going to work on is already pre-configured except
> for access-lists and filters. What they basically told me is that the
> checkpoint device behind it will take care of all of the intense blocking
> and forwarding, but on this FW-router we just want to block the basic
things
> that are usually not allowed through.
> > Here's what I was hoping for. Just a basic list of things that are
> normally blocked on the router above the FW. For example, I know that I'm
> gonna set an inbound access-list denying telnet so that the checkpoint
> doesn't even have to worry about that. I am just looking for a list of
> services/ports/etc., that as a rule of thumb to you FW guru's, are usually
> denied. I know this is broad and I'll understand if I don't get much
> feedback. Gotta also find that whitepaper on FW's. Concidering this will
be
> my first time coming anywhere near a FW (FW Virgin) I'm a little nervous
and
> hope you guys can help out. Thanks all, =o)
> >
> > Mark Z...
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
>
>
>
> _______________________________________________________
> Send a cool gift with your E-Card
> http://www.bluemountain.com/giftcenter/
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
