James,
I would say that you should look at what the associate costs would be with
moving to the latest version of the PIX software (6.x). The new version
apparently has a GUI and you may find that helpful. Both the PIX and Check
Point are stateful inspection firewalls (let's avoid the stateful inspection
argument). I am certified on Check Point and thus have a lot more
experience with them. My new company has a PIX so I am getting acquainted
with it. I have found that there are certain areas where the PIX
configuration is easier than Check Point in spite of the command interface.
The Check Point GUI is without equal. Creating rules is a breeze. Showing
your supervisor or someone who works for you the logic of the rule base in
Check Point is also straight forward.
I would ding PIX and to a lesser extent Check Point for their management
logs. Check Point has a log viewer and with some work and manual commands
you can export it to a standard format. Both products have third party
add-ons for making better sense out of the logs.
In spite of my vast experience with Check Point I have no intention on
flushing our security investment to move to Check Point. You probably
shouldn't either. I would consider intrusion detection systems or whatever
step might be the next logical step in improving the security of your site.
One final note, a lot of people have complained in the past about how much
of a pain Check Point's licensing system was. That has all changed with the
release of Next Generation. Another positive with the new release is no
more putkeys. They were a major pain. And as I mentioned earlier, PIX 6.x
has a GUI that looks pretty good and seems very logical. Both products keep
improving so as customers we are the winners.
Ed
-----Original Message-----
From: James Drake [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 14, 2001 12:54 PM
To: [EMAIL PROTECTED]
Subject: PIX vs. Firewall-1
I'm curious to know if anyone can give me a good analysis/opinion on
whether or not a migration from a PIX 515 firewall to Checkpoint
FIrewall-1 is worth the cost associated with such a move. So far the
only benefit I can find that makes me seriously contemplate such a move
is my lack of familiarity with Cisco IOS. It seems that the management
abilities of the CP Firewall-1 are far superior to PIX, but that is just
an observation made by reading the literature available not by actual
comparison testing. If anyone can give me their opinion on the subject I
would be greatly appreciative.
Regards, James
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
