Solved

Checkpoint vs PIX

Posted on 2002-05-13
18
30,000 Views
Last Modified: 2013-11-16
I have a competitive overview from Checkpoint for why Checkpoint is better than PIX. I need a competitive overview from Cisco about why PIX is better than Checkpoint. Does anyone know where to find one? It must have all the technical stuff in there as well. Thanks.
0
Comment
Question by:buyer
  • 6
  • 4
  • 3
  • +4
18 Comments
 
LVL 1

Expert Comment

by:tonimargiotta
ID: 7007879
You should probably read this lab test .........

http://www.networkcomputing.com/1223/1223f2.html

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7008649
PIX is half the price !
Check Point is good for large scale Enterprise firewall management, PIX is traditionally good for singular installations, however, with the release of PIX device manager, it's easier to implement PIX on a larger scale, as long as the config isn't too complicated.
Also look at Netscreen - fastest of the bunch and similarly priced to the PIXes.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7011220
And don't forget to look at Netscreen.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7011223
Oh and another thing, CheckPoint prices vary wildly with who you're buying the hardware from.  Check out www.intrusion.com, which has appliance systems that are much less expensive than the Nokia's.  Also check out CheckPoints "Linux appliance on a CD" solution.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7011411
Check Point is very much reserved for top-end, enterprise level networks, both in price and in the things it does.
It's getting even more higher-level with the release of NG (and more expensive!).
If there is only a single firewall requirement, DON'T go with Check Point - Netscreen, Cisco are much better (and cheaper) and doing this sort of thing.
0
 
LVL 13

Expert Comment

by:hstiles
ID: 7013589
Everyone has their preferences in terms of firewall solutions.

Checkpoint are, perhaps intentionally, pricing themselves out of the medium size market and straight into the enterprise market.  My only question is why anyone with a large enterprise would deploy Checkpoint on an NT server.

Cisco's solution is good in that it is very modular - the web blocking is handled by Web Trends, the NAT by the router, the authentication by TACACS, etc...

I like the Watchguard solution a lot.  It's neat, intuitive, comptetitively priced and has excellent VPN support.

I guess it you don't need more than three interfaces and aren't dealing with modest throughput requirements, an appliance will serve you well
0
 

Author Comment

by:buyer
ID: 7015328
Ive checked out all leads but still am looking for an OVERALL comparison between the PIX and Checkpoint (NG). So far tonimargiotta is close but that really only covers HA.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7016346
Although both firewalls, they are suited to different installation types, so comparison is not really fair, which is why there aren't many.
What environment are you looking to install in, and I'll advise which one would be more suitable... ?
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7016938
Also, given the $300 CheckPoint Sofaware box and the $500 Intrusion.com CheckPoint box, I don't think you can say that CP is priced out of the small market.  That said, it is definitely true that they don't necessarily fit every installation either.

It's not that I'm a CP fan, but rather that I'm pointing out that there are CP based solutions for small companies.

But there are also very good PIX and Netscreen solutions for them.  You really need  to look at all three, and also examine what firewall features you really want/need.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:buyer
ID: 7017779
It shouldnt matter what envirnment there in. What Im looking for is stuff like:
CP can do Anti-spoofing right on the firewall, can PIX?
CP can do SYN flood protection, can PIX
CP has Hide NAT but PIX uses PAT

Things like this. Im not concerned about what the Cisco router can do. I only care about the PIX capabilities. Thanks.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7021679
Generally speaking, all the leading firewalls are capable of doing the same things.  The question is which one is best for the particular type of thing you actually need to do.  But we can't help you unless we know the particular problem you're trying to solve.

My advice is to write down a description of exactly what you want your firewall to do, and then invite the vendors in to explain how their solution can fit your needs.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7021921
(PIX capabilities are listed on the Cisco website)
0
 

Expert Comment

by:1stomni
ID: 7022444
There is no comparison, any firewall on NT is not a firewall.  Unless you have nothing better to do than to patch and upgrade NT each and every day, it is absolutely a waste of time to use CheckPoint.
0
 
LVL 1

Accepted Solution

by:
tonimargiotta earned 50 total points
ID: 7023751
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7027002
Nice links.... bear in mind that you get PIX device manager with PIX now - Java based, which makes simple tasks easier (ie assigning IP addresses, zones etc), but the tricky stuff still needs to be done via the cmd line.
0
 

Author Comment

by:buyer
ID: 7033267
These were just about what I wanted although whenever I see Cisco compared to Checkpoint I always see that PIX uses a new version and Checkpoint using the old 4.1 version. A lot of fixes were added to NG. Thanks again.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7042347
Found this on my travels - you can have hours of fun with this !

http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
0
 

Expert Comment

by:mgbyrne2004
ID: 11497502
*** advertising removed by Netminder, Site Admin ***
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
How to batch remove spreadsheet password 19 90
View Security Group Permisssions 6 42
DHCP on ASA 3 24
stacking switches 2 26
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now