[Last Call] Learn how to a build a cloud-first strategyRegister Now


PIX firewall and CheckPoint

Posted on 2006-03-22
Medium Priority
Last Modified: 2013-11-16
I am new to firewall concept.Can anyone explain me how does the Administration of a PIX Firewall differ from a Checkpoint firewall?
Question by:anumit

Accepted Solution

dluetke earned 150 total points
ID: 16261485
there are many differences between these two firewalls, but I will try... leftside is Checkpoint, rightside PIX

Rules are configured by GUI <-> Command line, TXT configuration of rules
"Just configure a rule" <-> Find the correct inbound interface for a rule and configure the rule to that interface
FW Log searchable with GUI <-> FW Logs are send to SYSLOG, search by "grep", etc.
Runs under different OSes (Linux, Windows) <-> Runs under Cisco's PIX OS
Seperate management system with rulesbases and logs, etc. <-> Every thing is contained on the PIX.

.... and there are many other things!

Let me tell you my experience (responsible for 10 PIX devices and 20 Checkpoint FWs on Provider-1)

If you expect to have a somewhat small firewall infrastructure, e.g. 1-2 Firewalls with each of 2-4 Interface and say up to 30  firewall rules, which where - in addition - mostly implemented in a static way (so that they don't change often), then I would say, the PIX is your friend!

If you have more firewalls with more interfaces, then on the PIX firewall the number of rules can - and often will - rise to a level, where an easy and simple manageability of the rulebase is not give anymore. If there are also often changes to the firewall rules, go on and take Checkpoint on Secureplattform. In this case you will save much time.

Just me 2c ...

Cheers, Dirk


Expert Comment

ID: 16266051
dluetke -

I've had some experience with Cisco routers and switchs, but no experience at all with PIX. I do not intend to open a flame war (FiReWaLL-1 RuLeZ!!!111), but I'm very intersted in hearing your opinion, as a guy who has experience with both systems, in what areas PIX is superiour to FW-1.

Price? Reliability? Performance? Security? Ease of use?

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month17 days, 23 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question