Solved

Which is better PIX v checkpoint

Posted on 2003-12-03
8
920 Views
Last Modified: 2013-11-16
Which firewall has more features and is more secure the Pix or the Checkpoint
0
Comment
Question by:happythedog
8 Comments
 

Expert Comment

by:doehni
ID: 9869751
you cant really give an statisfying answer to this question - for myself i prefer
netscreen appliances. it depends on your infrastructure:

if you have a lot of cisco devices like routers and switches I think pix is good because
you dont need to invest for knowledge because its very similar to ciso IOS. but ... simple
things like NAT are very difficult to configure on the pix...and the vpn config is horrable.
you cant use the web management "PIX Device Manager" because its buggy, slow and
uncomfortable.

if money doesnt matter and you dont have any fear of complicated licenses management
then checkpoint is a good choise. its very expensive, you have a lot of OPSEC partner software
for clusterung, URL filtering, virus protection....but here also..it isnt easy to setup checkpoint
with thinks like NAT, VPN .... it may be an advantage if you can install the checkpoint software
on the hardware platform of your choise but I suggest to buy NOKIA appliances because you dont
need to have additional hardwae, hardend os .

netscreen compines all the missing features of pix and checkpoint in one product...you have ASIC based
appliances. very easy management....you need only ~15minutes to setup the box to connect lan-to-internet
with pppoe interface.

hope this helps a little bit ;)
bye
andre
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9872202
andre, when was the last time you saw the PIX Device Manger? The new 3.0 version is really slick...and I can get a PIX up and running with NAT and VPN's within 15 minutes.

Agree that we can't answer this for you. It all depends on your goals, your budget, your expertise, and your security policies.
I personally like the PIX over Checkpoint, and I agree that checkpoint is much more complicated and expensive than the others. Most of the Checkpoint installations I've seen run it on a SUN platform, but I think they offer an appliance now.

You might check out Symantec's new gateway boxes. Pretty slick.

Our company uses Netscreen and they have to reboot the firewall once a week. That should never be necessary...
0
 
LVL 3

Expert Comment

by:yokel
ID: 9880954
I think it is what you are used to!
I've been using Checkpoint FW4.1 for 3 years and I think setting up NAT's and VPN's are a piece of cake and is even easier with Checkpoint NG.
The one thing I do agree with though, is that licensing is more complicated then a Hollywood divorce! Everytime I want to purchase or upgrade a product, I seem to get into endless discussions about licensing.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 9892673
Just my 2 cents:  I (we) use a PIX 501 and find it very satisfactory in our operations.  Not hard to setup (lrmoore) and the Cisco VPN client that you can dnload connects like a dream.

Of course, this comment is only worth the 2 cents because I have never had to setup a checkpoint firewall, although I do have clients that have had nightmares trying to get checkpoint and cisco to talk to each other.

Happy Holidays to all.

FE
0
 
LVL 6

Expert Comment

by:tatw
ID: 9897340
With the latest Application Intelligence feature in Checkpoint NG, I think Checkpoint is the best firewall.

Because for PIX or Netscreen, although they also have stateful inspection technology. But in today's complex world, they are not enough.

For example, for Checkpoint NG AI, you block Windows media stream, ICQ , yahoo ... that tunnel in port 80. I cannot find similar feature in Netscreen in this moment.

Also, it can block those nimda worm automatically even if you open up port 80 to the Internet world.

The license of Checkpoint is relatively cheaper and flexible right now(when compare with its olddays)

If we talk about setup and maintenance, I love netscreen. Easy and Simple.
0
 
LVL 13

Expert Comment

by:Gnart
ID: 9932201
lrmoore,

Pix Device Manager is a copy of Checkpoint interface.  Cisco engineers are even laughing about it....

happythedog,

You really need to compare for yourself.... I like Checkpoint for certain area.  I like Pix for other.  Which one was you trained on?  

Start with geting their reps in and ask the rep to tell you about the competition.  Ask the rep about the weakness that you learned about their products.  Things to ask startup cost, features, training, cost of ownership, strengths and weaknesses, client reference.  You will be surprised, then you toss a coin.

I like Checkpoint then, Pix is ok..... What I like best was what the military used....but it's available commercially.  

cheers
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11468628
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

--> PAQ - No refund

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

tim_holman
EE Cleanup Volunteer
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11501095
PAQed - no points refunded (of 20)

modulo
Community Support Moderator
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question