RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?

From: Garcia, Nicholas A (Nicholas.A.Garcia@disney.com)
Date: 07/29/02


From: "Garcia, Nicholas A" <Nicholas.A.Garcia@disney.com>
To: "Mike Kleviansky" <mikeklev@bigpond.net.au>, "Dave Mitchell" <dave@jnsnet.com>, "John Adams" <jna-dated-1028183707.d09b31@retina.net>
Date: Mon Jul 29 13:49:01 2002

I have a 5xp at home (Netscreen). I used to own a Watchguard FBII and I
have used Raptor (Velociraptor), and Checkpoint on Nokia. I still love
the Netscreen. The new OS coming out is a major improvement in
usability too.

-----Original Message-----
From: Mike Kleviansky [mailto:mikeklev@bigpond.net.au]
Sent: Monday, July 29, 2002 12:14 AM
To: Dave Mitchell; John Adams
Cc: Erik M. Bataller; security-basics@securityfocus.com;
firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen -
comments?

I agree.NetScreen product is superb.

mike

----- Original Message -----
From: "Dave Mitchell" <dave@jnsnet.com>
To: "John Adams" <jna-dated-1028183707.d09b31@retina.net>
Cc: "Erik M. Bataller" <uhguhg@yahoo.com>;
<security-basics@securityfocus.com>;
<firewall-wizards@honor.icsalabs.com>
Sent: Sunday, July 28, 2002 2:31 AM
Subject: Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen -
comments?

> I personally prefer Netscreen's to either PIX or Checkpoint. My main
> factors for liking Netscreen are:
>
> 1) ASIC based appliance. More flows, more tunnels & faster crypto.
> 2) Many different models to fit the need of a particular site.
> 3) Much better price point.
> 4) Easier to manage. Great CLI and GUI.
> 5) Great IPSec interoperability.
> 6) Ability to cheaply provide RAS IPSec services. Windows or
> Linux. (freeswan)
> 7) Multiple authentication schemes. Local, RADIUS, NT, SecureID...
> 8) DS codepoint marking for traffic shaping.
> 9) Mechanisms for detecting and throttling widely used attacks.
> 10) Ability to use a websense server.
> 11) HA, Hub/spoke IPSec routing, OSPF support coming...
>
> Just my $.02.
>
> -dave
>
>
>
> On Sat, Jul 27, 2002 at 02:35:04AM -0400, John Adams wrote:
> > On Fri, 26 Jul 2002, Erik M. Bataller wrote:
> >
> > > There will be several hundred at least and I figure
> > > that some folks out there may have some interesting thoughts or
> > > comments on the different platforms that may have escaped us. We
> > > are looking for the good, the bad and the ugly. The critical
> > > issues are:
> > >
> > > security issues of the individual platform
> > > management issues (sw, firmware, policy)
> > > mechanisms for managing virus sw revisions
> > > dual vs triple interfaces
> > > we'd like to separate "home" from "work"
> >
> > Have you considered the Nokia IP120's running Checkpoint? They work
> > extremely well for branch offices, and you can admin all of the
> > policies from one place using the checkpoint management server.
> >
> > I was a big fan of PIX for many years, but after adminstering a 80+
> > firewall site at a large search engine provider, all of the issues I
could
> > discover with checkpoint were outweighed by the fact that you had
> > true, functional, central administration.
> >
> > -john
> >
> > --
> > J. Adams http://www.retina.net/~jna
> >
> > Fiber line / Shine, Enlight the Globe / In Light, communicate /
> > Connect. ~~ Lassigue Bendthaus - Fiber
> >
> > _______________________________________________
> > firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
> > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
> --
>



Relevant Pages

  • Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?
    ... > 6) Ability to cheaply provide RAS IPSec services. ... >>> security issues of the individual platform ... >> Have you considered the Nokia IP120's running Checkpoint? ... >> from one place using the checkpoint management server. ...
    (Security-Basics)
  • Re: Looking into a new firewall
    ... We currently run Checkpoint FW-1 on a Nokia box. ... I would like to move to a Linux ... FreeBSD you can use IPFW or IPF. ...
    (comp.security.firewalls)
  • Re: PIX vs Nokia/CheckPoint
    ... > appliances you were very much limited to the under riding PCI architecture ... Nokia Clustering provides Active/Active clustering ... > without any requirement to purchase any additional Checkpoint license. ... ian dot mulvihill at computer dot org ...
    (comp.security.firewalls)
  • NOKIA IP71 & Small Business Mgmt srv. Problem!
    ... This is my first time w/ CheckPoint, ... I am setting up a NOKIA IP71 appliance with the Small ... Business Management server on Win2k server sp2. ...
    (comp.security.firewalls)
  • RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?
    ... > 6) Ability to cheaply provide RAS IPSec services. ... >>> security issues of the individual platform ... >> Have you considered the Nokia IP120's running Checkpoint? ...
    (Security-Basics)