Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?
From: Dave Mitchell (dave@jnsnet.com)Date: 07/27/02
- Previous message: Jeremy Anderson: "Re: Syslog and Router"
- In reply to: John Adams: "Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Next in thread: Clint Harris: "RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Next in thread: Stephane Nasdrovisky: "Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Next in thread: John Adams: "Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Reply: Clint Harris: "RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Reply: Mike Kleviansky: "Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 27 Jul 2002 10:31:26 -0600 From: Dave Mitchell <dave@jnsnet.com> To: John Adams <jna-dated-1028183707.d09b31@retina.net>
I personally prefer Netscreen's to either PIX or Checkpoint.
My main factors for liking Netscreen are:
1) ASIC based appliance. More flows, more tunnels & faster crypto.
2) Many different models to fit the need of a particular site.
3) Much better price point.
4) Easier to manage. Great CLI and GUI.
5) Great IPSec interoperability.
6) Ability to cheaply provide RAS IPSec services. Windows or
Linux. (freeswan)
7) Multiple authentication schemes. Local, RADIUS, NT, SecureID...
8) DS codepoint marking for traffic shaping.
9) Mechanisms for detecting and throttling widely used attacks.
10) Ability to use a websense server.
11) HA, Hub/spoke IPSec routing, OSPF support coming...
Just my $.02.
-dave
On Sat, Jul 27, 2002 at 02:35:04AM -0400, John Adams wrote:
> On Fri, 26 Jul 2002, Erik M. Bataller wrote:
>
> > There will be several hundred at least and I figure
> > that some folks out there may have some interesting
> > thoughts or comments on the different platforms that
> > may have escaped us. We are looking for the good, the
> > bad and the ugly. The critical issues are:
> >
> > security issues of the individual platform
> > management issues (sw, firmware, policy)
> > mechanisms for managing virus sw revisions
> > dual vs triple interfaces
> > we'd like to separate "home" from "work"
>
> Have you considered the Nokia IP120's running Checkpoint? They work
> extremely well for branch offices, and you can admin all of the policies
> from one place using the checkpoint management server.
>
> I was a big fan of PIX for many years, but after adminstering a 80+
> firewall site at a large search engine provider, all of the issues I could
> discover with checkpoint were outweighed by the fact that you had true,
> functional, central administration.
>
> -john
>
> --
> J. Adams http://www.retina.net/~jna
>
> Fiber line / Shine, Enlight the Globe / In Light, communicate / Connect.
> ~~ Lassigue Bendthaus - Fiber
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
--
- Previous message: Jeremy Anderson: "Re: Syslog and Router"
- In reply to: John Adams: "Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Next in thread: Clint Harris: "RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Next in thread: Stephane Nasdrovisky: "Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Next in thread: John Adams: "Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Reply: Clint Harris: "RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Reply: Mike Kleviansky: "Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
