Le 24/11/2013 08:51, Skeeve Stevens a écrit :
Hey all,
I have a customer where we have been slowly deploying Juniper (instead of
Cisco) for their routing and switching, and that has been going well.
But the other day they asked me about replacing their Checkpoint 4800's
with Juniper SRX. For their needs, I am thinking of a pair of SRX550's.
But, I would like to justify my advice... Does anyone have any
comparisons, etc... for Checkpoint 4800's (or that family) against SRX's?
Also, rather than just touching command-line to create/change rules... is
there any GUI management tool for SRX firewall rules? I've heard of Space,
but the Juniper website only really talks about it in 'concept' and I can't
even tell if its a physical, virtual or app platform, and what it would
look like.
I've also heard of JACL - a non-supported migration/management tool, but it
seems to have disappeared from the net.
Hi,
To me it depends which features your customer requires :
- nice gui, user authentication, vpn ssl, logs ?
- strong routing capabilities, cli config ?
Why did they ask to replace the checkpoint ?
What does your customer like or doesn't like with checkpoint ?
Regarding how to migrate, there are tools available to export
configuration from checkpoint (check cprules or odumper/ofiller).
Keep in mind that checkpoint is not a zone based firewall, which means
that you have to find a way to specify the zone if you wish to migrate
automatically from checkpoint to juniper.
hope this helps.
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
