Re: Nokia and CheckPoint or Cisco?

We currently use PIX-520s on the edge. Its' GUI (PDM 3.0) is flaky
sometimes -- it seems to suck in the entire running-config into its'
workspace, and when you make changes and hit "apply" it (over)writes
the entire config back out to the PIX (not just the new/changed lines.)
I've already have had one instance where it failed to write out the
whole config, and boom! -- no Internet access! (fortunately, the second
re-apply worked.) That's the last time I ever used PDM to make
changes... :P Admittedly, the PIX-520 is an older platform, but I think
we have the most current PDM for it.

Never have used Nokia/Checkpoint, so can't comment there.

From what I've been reading on the 'net, Cisco lags somewhat in
firewall technology as compared to Checkpoint, Symantec, BlueCoat, etc.
Of course you can find proponents and detractors of any vendor's
platform(s), but that's the consensus I've been able to determine (we
are looking to replace our aged PIXen as well...) I even have one (well
respected) person telling me to replace our PIXen with MSFT's ISA 2004.
We use ISA behind our PIX, and it does have a very attractive GUI, and
I find it very easy to set up and use. We aren't using it as an edge
firewall however, or terminating VPNs, etc. on it, so I'm not pushing
it to any limits...


K wrote:
It's almost time to replace our hardware firewall at work.

Currently use a Nokia IP330 box with CheckPoint on. Run a DMZ and private
network off it.

Considering whether to replace the IP330 with the new (it's replacement)
IP390 and keep CheckPoint, or whether to look at something like the Cisco
PIX (which I have used in the past).

I like the GUI on CheckPoint for ease of management, but I know the Cisco
PDM has a basic GUI for PIX (though not sure how this compares).

GUI aside, I guess my question is, which is the better product?