RE: PIX VS CheckPoint [7:40136]

[Rik Guyler]

One point I believe should be mentioned is the different levels of
"awareness" each product brings to the table.  One of the strengths of the
PIX becomes its primary weakness: the lack of true integrated
application-level awareness.  While this lack makes the PIX much faster than
say Checkpoint, you don't have nearly as many options such as virus
scanning, content scanning, etc.  Rather, you are required to rely upon
additional products to handle what Checkpoint has built-in.  I know that the
PIX has a few built-in features (such as MailGuard), the selection is rather
slim.

With that said, I'm really a PIX person so don't get the wrong impression.
;-)

Rik  

-----Original Message-----
From: nrf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 7:08 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX VS CheckPoint [7:40136]


On the other hand, there's a distinct third option, which is to run
Checkpoint on a dedicated hardware appliance, for example the Nokia Ipso
line of gear.  This removes one of the Checkpoint disadvantages (don't need
to know Unix or NT), but introduces another disadvantage (less flexible -
you should have included in your advantages that regular Checkpoint is more
flexible than Pix because you can integrate it with Unix and enjoy all the
features of Unix, but of course with a Nokia, you don't have that).  In
fact, the Pix and the Nokia Checkpoint are so close that it's almost a wash.
I believe the Pix is faster, but the Nokia Checkpoint is still more flexible
(but not as flexible as Checkpoint software).



""Nurudeen Aderinto""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Dear x,
>
> I love your presentation. You spoke well.
>
> Nurudeen
> ""x""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I have setup and managed both PIX and Checkpoint in a
> > variety of environments.  I think they are both solid
> > options in different situations.  Here is how I market
> > these products.
> >
> > PIX
> > - more cost effective
> > - fast
> > - you can have fail over
> > - Can be more complicated to setup the CLI, but PIX
> > has a nice feature of allowing all traffic out and
> > none in by default.
> >
> > Who would I market this for?
> > I would target this as an ideal candidate for small
> > companies with rulesets that don't change much.  They
> > also need a Cisco savy person to manage it, usually a
> > consultant.  I am guessing you would fill this role.
> > I have only made minor changes in the firewall I have
> > managed for almost two years.
> >
> > Checkpoint
> > - nice GUI for ruleset management
> > - more expensive
> > - required to know Unix or NT ( for the love of God
> > don't use NT.  Its security is very poor out of the
> > box and requires a great deal of configuration to
> > become mildly secure )
> >
> > Who would I market this toward?
> > I would target larger companies with Checkpoint.  It
> > is easier to manage the ruleset, but more setup time
> > and more costly.  I would also say this solution is
> > slightly slower and more prone to security issues
> > since you have to patch the OS and the firewall
> > software.
> >
> >
> > --- Jeffrey Reed  wrote:
> > > Has anyone performed or seen an in depth study of
> > > PIX vs Checkpoint? I have
> > > a customer who is looking at both. Ive read various
> > > magazine articles, but
> > > nothing from real people such as this group! :)
> > >
> > > Thanks!!
> > >
> > > Jeffrey Reed
> > > Classic Networking, Inc.
> > > Cell 717-805-5536
> > > Office 717-737-8586
> > > FAX 717-737-0290
> > [EMAIL PROTECTED]
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Tax Center - online filing with TurboTax
> > http://http://taxes.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40262&t=40136
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]