Comparison between checkpoint VPN-Gateway and Microsoft ISA

What's the comparison between checkpoint VPN-Gateway and Microsoft ISA.
Can I get documentation for the comparison of the two product?
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

Regardless of feature comparison, do you really want a firewall that's deeply integrated into Windows?  Regardless of how good the ISA code itself is, you can't possibly tell me this is a good idea from a security standpoint.

Not that CheckPoint has a spotless record either, but it's generally pretty solid.
Mariecel_LSIAuthor Commented:
You've given me great  nswers that will support on my documentation.You've given me what i've wanted.
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Mariecel_LSIAuthor Commented:
    Can you expound your answer pls? It's the best but I need to document this comparison of the two product.Thank you.
Tim HolmanCommented:
If you take the time to harden Windows properly, then it is pretty secure.
There were vulnerabilities en masse to do with IIS and IE, but if you disable these, then you're relatively safe.
However, the architecture of Windows is designed around an application based operating system.  There's a lot of junk in there that will slow it down.
Unfortunately, Microsoft never gained the trust of the security community - they always have been and always will be the #1 hack / crack target by the anarchists and anti-captialists.  Such an extensive probe of any operating system will eventually find vulnerabilities, and if it is closed, rather than open like Linux, then they are just waiting to be discovered, rather than known about and patched.
Plus with Windows you've got all the moving bits - fans, hard disks, keyboards, mice, cables, which are prone to failure and generally take systems down.
A solid state firewall (eg Cisco PIX, Netscreen) is far more reliable, and faster.  The only moving bit is a fan, and usually these are installed redundantly.
This also applies to Check Point - it is based on an I386 / hard disk architectures, although if you run it on Linux it's very fast, as it was designed around UNIX in the first place...
It wasn't so much those things I was thinking about, but more that the ISA code shares a lot of the IIS and IE code for web handling (known true based on past vulnerability disclosures).  So, if IIS and IE can't be trusted, then neither can ISA.
Mariecel_LSIAuthor Commented:
Thank you Chris Calabares and Tim Holman for all teh answers.I think thats enough for my client to go on Checkpoint rather that Microsoft ISA.
All Courses

From novice to tech pro — start learning today.