Solved

Checkpoint vs PIX

Posted on 2002-05-13
18
30,063 Views
Last Modified: 2013-11-16
I have a competitive overview from Checkpoint for why Checkpoint is better than PIX. I need a competitive overview from Cisco about why PIX is better than Checkpoint. Does anyone know where to find one? It must have all the technical stuff in there as well. Thanks.
0
Comment
Question by:buyer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
  • +4
18 Comments
 
LVL 1

Expert Comment

by:tonimargiotta
ID: 7007879
You should probably read this lab test .........

http://www.networkcomputing.com/1223/1223f2.html

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7008649
PIX is half the price !
Check Point is good for large scale Enterprise firewall management, PIX is traditionally good for singular installations, however, with the release of PIX device manager, it's easier to implement PIX on a larger scale, as long as the config isn't too complicated.
Also look at Netscreen - fastest of the bunch and similarly priced to the PIXes.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7011220
And don't forget to look at Netscreen.
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7011223
Oh and another thing, CheckPoint prices vary wildly with who you're buying the hardware from.  Check out www.intrusion.com, which has appliance systems that are much less expensive than the Nokia's.  Also check out CheckPoints "Linux appliance on a CD" solution.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7011411
Check Point is very much reserved for top-end, enterprise level networks, both in price and in the things it does.
It's getting even more higher-level with the release of NG (and more expensive!).
If there is only a single firewall requirement, DON'T go with Check Point - Netscreen, Cisco are much better (and cheaper) and doing this sort of thing.
0
 
LVL 13

Expert Comment

by:hstiles
ID: 7013589
Everyone has their preferences in terms of firewall solutions.

Checkpoint are, perhaps intentionally, pricing themselves out of the medium size market and straight into the enterprise market.  My only question is why anyone with a large enterprise would deploy Checkpoint on an NT server.

Cisco's solution is good in that it is very modular - the web blocking is handled by Web Trends, the NAT by the router, the authentication by TACACS, etc...

I like the Watchguard solution a lot.  It's neat, intuitive, comptetitively priced and has excellent VPN support.

I guess it you don't need more than three interfaces and aren't dealing with modest throughput requirements, an appliance will serve you well
0
 

Author Comment

by:buyer
ID: 7015328
Ive checked out all leads but still am looking for an OVERALL comparison between the PIX and Checkpoint (NG). So far tonimargiotta is close but that really only covers HA.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7016346
Although both firewalls, they are suited to different installation types, so comparison is not really fair, which is why there aren't many.
What environment are you looking to install in, and I'll advise which one would be more suitable... ?
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7016938
Also, given the $300 CheckPoint Sofaware box and the $500 Intrusion.com CheckPoint box, I don't think you can say that CP is priced out of the small market.  That said, it is definitely true that they don't necessarily fit every installation either.

It's not that I'm a CP fan, but rather that I'm pointing out that there are CP based solutions for small companies.

But there are also very good PIX and Netscreen solutions for them.  You really need  to look at all three, and also examine what firewall features you really want/need.
0
 

Author Comment

by:buyer
ID: 7017779
It shouldnt matter what envirnment there in. What Im looking for is stuff like:
CP can do Anti-spoofing right on the firewall, can PIX?
CP can do SYN flood protection, can PIX
CP has Hide NAT but PIX uses PAT

Things like this. Im not concerned about what the Cisco router can do. I only care about the PIX capabilities. Thanks.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 7021679
Generally speaking, all the leading firewalls are capable of doing the same things.  The question is which one is best for the particular type of thing you actually need to do.  But we can't help you unless we know the particular problem you're trying to solve.

My advice is to write down a description of exactly what you want your firewall to do, and then invite the vendors in to explain how their solution can fit your needs.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7021921
(PIX capabilities are listed on the Cisco website)
0
 

Expert Comment

by:1stomni
ID: 7022444
There is no comparison, any firewall on NT is not a firewall.  Unless you have nothing better to do than to patch and upgrade NT each and every day, it is absolutely a waste of time to use CheckPoint.
0
 
LVL 1

Accepted Solution

by:
tonimargiotta earned 50 total points
ID: 7023751
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7027002
Nice links.... bear in mind that you get PIX device manager with PIX now - Java based, which makes simple tasks easier (ie assigning IP addresses, zones etc), but the tricky stuff still needs to be done via the cmd line.
0
 

Author Comment

by:buyer
ID: 7033267
These were just about what I wanted although whenever I see Cisco compared to Checkpoint I always see that PIX uses a new version and Checkpoint using the old 4.1 version. A lot of fixes were added to NG. Thanks again.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 7042347
Found this on my travels - you can have hours of fun with this !

http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
0
 

Expert Comment

by:mgbyrne2004
ID: 11497502
*** advertising removed by Netminder, Site Admin ***
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question