>Date: Wed, 13 Oct 1999 00:34:35 +0200 (MET DST)
>From: Lars Kronfält <[EMAIL PROTECTED]>
>Subject: Re: pix vs checkpoint
>
>Pardon me
>In release 5 of the PIX software, you got IPSec VPN compatibility and don't
>need any hardware card at any end. Version 5 was released like a week ago
>or something.
Although I could not be happier that Cisco has finally made IPSec available on the PIX
(after at least 3 changes in direction over something like 16 months), do you really
want to run code that was released a week ago on your firewall?
>
>The IPSec compatibility is very good. PIX works as a branch office
>connection to a lot of other (IPSec) VPN boxes. And the client can be used
>to connect to other IPSec VPN boxes.
Can you elaborate on the "very good" compatibility of the IPSec implementation in the
PIX OS? Something like 'IKE main mode with pre-shared auth works with vendor X and Y'
would not be terribly exciting, something like 'IKE main and aggressive with non-IP
address ID payloads and pre-shared, full and modified RSA auth works with these 6
vendors, and the PIX always does something reasonable with notifies' might get some
more immediate attention. Although IMHO, it would not take too much in the way of
interoperability to get better results out of the PIX than I have been able to coax
out of Firewall-1 v4.
>
>IMHO the PIX beats FW-1 in remote admin too. You can use the VPN client,
>tunnel in to the box, telnet to the box and start doing your stuff. FW-1
>needs a third party program like PCAnywhere (or something familiar) to get
>tunneled, encrypted communication.
If you have the VPN edition of FW-1 (even if you do not have the VPN license) you get
encrypted connections b/w the GUI and the management console. You just have to be
comfortable with a partially undocumented key exchange protocol and cipher ;-)
>
>BUT, If you are interested in high end solutions, take a look at RADGuard
>( for VPN ) and Gauntlet ( for FW ).
>
>Lars Kronfält
>
>( remember, it's my opinion, not to be confused with that of my company )
<<< previous post deleted >>>
--tcw