Regarding logging, you can just dump it to a syslog and use Webtrends'
Firewall Suite. It's got all the eye-candy that management usually wants:
http://www.webtrends.com/products/firewall/default.htm
Regarding GUI, the new PIX OS 6.0(1) supports all the commands you can do at
CLI except VPN (which I'm sure they'll be adding soon).
But you're right, if you really want to pull the
management/eye-candy/reporting up to the level of Checkpoint, get CSPM.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Ciaron Gogarty"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I've had a lot of experience with all three firewalls.
>
> A pix is a great firewall if you want something fast and quick to install,
> but not with all the fancy bells and whistles. It's more like a box u
> install in a customers site that they don't go near unless they need
> something specific. Bad points, well one bad point is logs, the pix's
> logging capabilities are pretty poor, and the logs pretty much un-readable
> to the average non-techie type. In addition because of the sync calbes
for
> pixes u can't have a high availability solution that spans two buildings,
> they must be physically close. and its cheap
>
> Checkpoint/guantlet on the other hand being GUI front ends (yes I know u
can
> use pdf and cspm with the pix) are more prone to customer tinkering. On
the
> other hand Checkpoint has fantastic logging, a really easy to set up
client
> to site VPN, decent built in High avialability and lots of other
features...
> server load balancing etc. but can be very expensive
>
> Guantlet has moved to ver6, which currently only runs on Solaris or HPux,
> don't let them fool u it only runs on Solaris8 BUT in 32 bit mode (caught
> me out) and on HPux in 64 bit mode. I believe there are plans to run it
on
> W2K in the future. I can say that Guantlet Ver6 is much improved to
ver5.5,
> it's gui has been redesigned to resemble a checkpoint type, way better
> logging format (easy to read) and it's packet filtering and proxying rules
> are on the same page. and is also very expensive.
>
> All in all, I think pix's are the greatest, cheap, fast and effective. but
> it really depends
> on what your requirements are. If you need accountabality, traceability I
> believe the logging of the other two, and specifically checkpoint will be
> your best choice.
>
>
> -----Original Message-----
> From: Farhan Ahmed
> To: [EMAIL PROTECTED]
> Sent: 7/20/01 9:49 AM
> Subject: RE: PIX.. [7:13067]
>
> -----Original Message-----
> From: sakella locuz [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 20, 2001 11:51 AM
> To: [EMAIL PROTECTED]
> Subject: PIX.. [7:13067]
>
>
> Can anyone update me with the advantages of PIX over Checkpoint and
> Gauntlet?
>
> -a-
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13215&t=13067
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
