RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?

From: Gregory Austin (greg@austinconsulting.com)
Date: 08/02/02


To: firewall-wizards@honor.icsalabs.com
From: Gregory Austin <greg@austinconsulting.com>
Date: Fri Aug  2 09:56:02 2002

All,

      Now I know why the moderator doesn't like to allow product X versus
product Y discussions. :)

      I wish I could shed light on this Netscreen ASIC rule limit, but as
it's never actually come up for me in the real world (I guess I've been
blissfully unaware if it's actually a problem) I couldn't really tell
you. I can tell you that in my experience there are some good size shops
using the equipment in question without problems.

      What is truly funny to me about this discussion is that, while I'm
arguing the Netscreen side for the most part here, I generally sell more
Checkpoint when I'm influencing customer decisions. Many of my customers
have needs that are better served by the Checkpoint platform (client VPN
needs, odd authentication needs, central management of a dozen firewalls
etc.) But if you just want to compare price:performance ratios (which an
awful lot of customers are interested in doing, now more than ever) it's
hard to not at least consider some of the appliance devices on the market.

      The problem now is that even in places where Checkpoint is a good
fit, how do you answer a customer who asks "Did you know that I can buy a
fail-over *pair* of PIXs for what you people are charging me for one year
of my unlimited license Checkpoint subscription & support?" You might
think you can just tell them it has more features, easier management, etc.,
but when their budgets have just been slashed by forty percent companies
tend to become somewhat cost-centric. I like Checkpoint's product just
fine--but I think they're pricing themselves out of the market.

      It may sound like I'm price-fixated, but that's just a reflection of
my customers' demands. I have a strong suspicion that if Microsoft puts a
little work into ISA server we're all going to see a lot of small to
mid-size companies using that for their gateways. And it won't be because
it's the best solution that it will gain market share, it will be because
the price is right.

      Again, these opinions are my own, and surely not those of my employer,

Greg
CISSP, CCSE, etc.

P.S. Bloated rule bases still suck.



Relevant Pages

  • Re: next the good jobs will go
    ... departments think the market will want two years from now. ... customers no longer want. ... or before design and they get what they had in mind. ... The programming process we used was called the waterfall model, ...
    (soc.retirement)
  • Re: next the good jobs will go
    ... departments think the market will want two years from now. ... customers no longer want. ... The Internet made rapid prototyping and iterative product improvement ... The programming process we used was called the waterfall model, ...
    (soc.retirement)
  • Re: next the good jobs will go
    ... departments think the market will want two years from now. ... involvement, if the customers are in a hurry, give them a skeleton ... I use the analogy of a feedback control system. ... Management information system specialists should be required to take a ...
    (soc.retirement)
  • Re: next the good jobs will go
    ... departments think the market will want two years from now. ... involvement, if the customers are in a hurry, give them a skeleton ... I use the analogy of a feedback control system. ... The programming process we used was called the waterfall model, ...
    (soc.retirement)