Summary: Firewalls

From: R. Marc Baldus <rbaldus_at_e-one.com>
Date: Wed Jun 19 2002 - 14:18:26 EDT
Thanks to:

Adam L.
Lonnie R.
Jennifer S.
Asher F.
Wade S.
Steve P.
Ed M.
Mark


Most comments are below with the original question at the end.


A very humble thanks to all those who responded so quickly.  With the 
exception of one individual, I received very helpful comments.  Though 
the jury is still out, most seemed to find that anything utilizing Check 
Point was favorable.

Again thanks,
Marc B.



*************************************************************

We used to run Sun E250s with Checkpoint FW1.  I understand that the
Nokia appliances kick butt in performance over a standard Sun.

We then switched to PIX 515s.  Couldn't stand them.  Cisco upgraded us to
520s at no cost because of the problems we had.

I generally don't deal with the firewalls, because I don't speak
Cisco-ese, but I can't *stand* the PIXes.  I'll take a Checkpoint firewall
any day.  I understand they're powerful, but frankly, the interface and
rules system is so convoluted that it drives me nuts.  Also, it's
apparently not easy to just add an intermediate rule -- you have to tear
down the whole ruleset and rebuild it.  Checkpoint is much friendlier in
this regard.  As for logging, I don't know what the Nokia can do, but I
wish I had better logging from the PIX.

I haven't even looked at the Nokia, but I'd be inclined to buy it over the
PIX.

-Adam

*************************************************************

Have you looked at the Netscreen gear???

Easy to manage, very good throughput, however it may be a little bit more
expensive.


*************************************************************

We are using Nokia IP530 w/ Check Point. (I'm sure of the Nokia model)
I think we went for that solution due to $$$ but not sure. The Nokias are
very stable and we haven't had a problem yet. We implemented about 2 months
ago.

Thank you,

          Jennifer S

*************************************************************

I would definitely go for the checkpoint/nokia direction if cost is not the
issue.
Checkpoint configuration flexibility is a lot better.
IMHO PIX works fine in simple/typical networks, but gets really complicated
when you're on a larger network with a lot of subnets and
requirements.
The only complaint I have for checkpoint is its pricing.

Asher


*************************************************************

I have used both and prefer the checkpoint solution for the following
reasons:

Admin is easy and intuitive.
Add-ons such as transparent http/smtp/ftp virus scanning / filtering are
abundant.
Logging and reporting are way better on checkpoint.


-Wade

*************************************************************

I use both in our environment, and I find the Nokia/FW1 mix to be a good
choice if you have to deal with PHBs and GUI-only types.  While the PIX
offers some nice GUI tools, I like being able to SSH or telnet in and work
on the command line.  Since VPN isn't an issue, you won't go wrong with
either.  I think it's going to be a matter of price and personal
preference.


Ed M.

*************************************************************

I run 26 firewalls worldwide. 22 are Check Point on Sun, 4 are Pix.
I've set up Nokia two different times with license problems each time. I use
Check Point for its logging, debugging, support, and the way it hides
most of the complexity so others understand the firewall too. I'm replacing
the 4 Pix with Check Point, and moving all VPN to Cisco as all sites are
fully meshed VPNs to all other sites, and I don't like that attacks bring
down my VPN tunnels at times.

Mark

*************************************************************

Your opinion is valued...

We are trying to decide between the Cisco PIX 525 and the Nokia IP530 
w/Check Point.

Does anyone have any opinions about either of these, be it good or bad?
Received on Wed Jun 19 14:23:25 2002
