Summary: Firewalls

From: R. Marc Baldus (rbaldus@e-one.com)
Date: Wed Jun 19 2002 - 14:18:26 EDT


Thanks to:

Adam L.
Lonnie R.
Jennifer S.
Asher F.
Wade S.
Steve P.
Ed M.
Mark

Most comments are below with the original question at the end.

A very humble thanks to all those who responded so quickly. With the
exception of one individual, I received very helpful comments. Though
the jury is still out, most seemed to find that anything utilizing Check
Point was favorable.

Again thanks,
Marc B.

*************************************************************

We used to run Sun E250's with Checkpoint FW1. I understand that the
Nokia appliances kick butt in performance over a standard Sun.

We then switched to PIX 515s. Couldn't stand them. Cisco upgraded us to
520s at no cost because of the problems we had.

I generally don't deal with the firewalls, because I don't speak
Cisco-ese, but I can't *stand* the PIXes. I'll take a Checkpoint firewall
any day. I understand they're powerful, but frankly, the interface and
rules system is so convoluted that it drives me nuts. Also, it's
apparently not easy to just add an intermediate rule -- you have to tear
down the whole ruleset and rebuild it. Checkpoint is much friendlier in
this regard. As for logging, I don't know what the Nokia can do, but I
wish I had better logging from the PIX.

I haven't even looked at the Nokia, but I'd be inclined to buy it over the
PIX.

-Adam

*************************************************************

Have you looked at the Netscreen gear???

Easy to manage, very good throughput, however it may be a little bit more
expensive.

*************************************************************

We are using Nokia IP530 w/ Check Point. (I'm sure of the Nokia model)
I think we went for that solution due to $$$ but not sure. The Nokias are
very stable and we haven't had a problem yet. We implemented about 2 months
ago.

Thank you,

          Jennifer S

*************************************************************

I would definitely go for the checkpoint/nokia direction if cost is not the
issue.
Checkpoint configuration flexibility is a lot better.
IMHO PIX works fine in simple/typical networks, but gets really complicated
when you're on a larger network with a lot of subnets and requirements.
The only complaint I have for checkpoint is its pricing.

Asher

*************************************************************

I have used both and prefer the checkpoint solution for the following
reasons:

Admin is easy and intuitive.
Add-ons such as transparent http/smtp/ftp virus scanning / filtering are
abundant.
Logging and reporting are way better on checkpoint.

-Wade

*************************************************************

I use both in our environment, and I find the Nokia/FW1 mix to be a good
choice if you have to deal with PHB's and GUI-only types. While the PIX
offers some nice GUI tools, I like being able to SSH or telnet in and work
on the command line. Since VPN isn't an issue, you won't go wrong with
either. I think it's going to be a matter of price and personal
preference.

Ed M.

*************************************************************

I run 26 firewalls worldwide. 22 are Check Point on Sun, 4 are Pix. I've
set up Nokia two different times with license problems each time. I use
Check Point for its logging, debugging, support, and the way it hides most
of the complexity so others understand the firewall too. I'm replacing the
4 Pix with Check Point, and moving all VPN to Cisco as all sites are fully
meshed VPNs to all other sites, and I don't like that attacks bring down my
VPN tunnels at times.

Mark

*************************************************************

Your opinion is valued...

We are trying to decide between the Cisco PIX 525 and the Nokia IP530
w/Check Point.

Does anyone have any opinions about either of these, be it good or bad?
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


