[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] PIX vs. CheckPoint
Hmmmmmmmm, interesting article. Having configured and supported both Checkpoint and Cisco PIX here are my 2 cents: CP is heads above Cisco in the GUI department, although I've heard rumors of one sometime this year from Cisco. The CP GUI is easy to follow and laid out nicely. Cisco's CLI can look scarry if you haven't had any experience with their routers or switches, but if you take the time to follow the book or examples from the web site (throw in some tech support if needed) it gets easier as time foes on. Both products need the same thorough thought patterns for developing a sound security policy. I do like the fact that the PIX doesn't rely on an underlying OS. Licensing is a breeze with Cisco compared to CP. You buy the PIX already licensed and ready to go, with support an additional cost for both products. It's true there are some things that Cisco is a bit more stiff on (routing is one thing, but at least you don't have to worry about updating an ARP table on the PIX). CP logging does a nice job out of the box. With Cisco you really need a 3rd party product like Private I to get anything out of the syslog, unless you are a wiz with UNIX. VPN seems to be a challenge on both products. I've never had to use CP support (VERY lucky I guess), but Cisco is excellent at getting you a solution in a relatively short amount of time. While you can make a good v. bad case for both the PIX and FW-1 on many fronts, it usually seems to come down to people's personal preferences and warm "fuzzzies" from a particular product. Oh, and let's not forget the almighty $$$$. But again, only my opinion. Jeffrey Shuron Network Security Consultant - CCSA MPR Technologies Phone:E-Mail: [email protected] Web Address: www.mprtech.com -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Jim Brown Sent: Tuesday, January 16, 2001 6:04 PM To: 'Frank Darden'; Jim Brown; [email protected] Subject: RE: [FW1] PIX vs. CheckPoint I guess it is not very clear from my original post that I am a CheckPoint bigot as well. It becomes tiresome defending the product against biased, one-sided views. I injected my comments into the thread on the other list several times, but it becomes very frustrating when individuals highlight issues with a product that are theoretically nonexistent if you understand it or know how to use it. -----Original Message----- From: Frank Darden [mailto:[email protected]] Sent: Tuesday, January 16, 2001 3:40 PM To: 'Jim Brown'; [email protected] Subject: RE: [FW1] PIX vs. CheckPoint After reading this it is clear the reviewer has not done his homework. This is why I HATE so many product reviews, the reviewer does not put forth the effort to properly review the products. Unfortunately, many people take these reviews as fact. In the case of this review, there are severe flaws, pointless points, and generally wrong statements.. We do in house testing for theis very reason. Dont believe everything you read. I could pick this thing apart line by line, and I might if I get some time. True, I am a FW-1 bigot, but I am not neccesarily religious about anything. CP has its flaws, suprisingly I did not really see any of them listed here.. Frank -----Original Message----- From: Jim Brown [mailto:[email protected]] Sent: Tuesday, January 16, 2001 5:19 PM To: [email protected] Subject: [FW1] PIX vs. CheckPoint This document was posted in the Cisco Study group. It was inferred this was an unbiased objective view. I would be interested in this groups comments. http://www.roble.com/docs/fw1_or_pix.html ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== BEGIN:VCARD VERSION:2.1 N:Shuron;Jeffrey FN:Jeffrey Shuron ORG:MPR Technologies TITLE:Security Specialist TEL;WORK;VOICE:TEL;CELL;VOICE:TEL;WORK;FAX:ADR;WORK:;;1401 Grand Ave;Syracuse;NY;13219;United States of America LABEL;WORK;ENCODING=QUOTED-PRINTABLE:1401 Grand Ave=0D=0ASyracuse, NY 13219=0D=0AUnited States of America URL: URL:http://www.mprtech.com EMAIL;PREF;INTERNET:[email protected] REV:20000804T193745Z END:VCARD
|