Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: PIX vs Checkpoint vs Sonicwall vs Netscreen - comments?

From: "Garcia, Nicholas A" <Nicholas.A.Garcia () disney com>
Date: Mon, 29 Jul 2002 13:00:10 -0400
I have a 5xp at home (Netscreen).  I used to own a Watchguard FBII and I
have used Raptor (Velociraptor), and Checkpoint on Nokia.  I still love
the Netscreen.  The new OS coming out is a major improvement in
usability too.

-----Original Message-----
From: Mike Kleviansky [mailto:mikeklev () bigpond net au] 
Sent: Monday, July 29, 2002 12:14 AM
To: Dave Mitchell; John Adams
Cc: Erik M. Bataller; security-basics () securityfocus com;
firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen -
comments?


I agree.NetScreen product is superb.

mike

----- Original Message -----
From: "Dave Mitchell" <dave () jnsnet com>
To: "John Adams" <jna-dated-1028183707.d09b31 () retina net>
Cc: "Erik M. Bataller" <uhguhg () yahoo com>;
<security-basics () securityfocus com>;
<firewall-wizards () honor icsalabs com>
Sent: Sunday, July 28, 2002 2:31 AM
Subject: Re: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen -
comments?



I personally prefer Netscreen's to either PIX or Checkpoint. My main 
factors for liking Netscreen are:

1) ASIC based appliance. More flows, more tunnels & faster crypto.
2) Many different models to fit the need of a particular site.
3) Much better price point.
4) Easier to manage. Great CLI and GUI.
5) Great IPSec interoperability.
6) Ability to cheaply provide RAS IPSec services. Windows or
   Linux. (freeswan)
7) Multiple authentication schemes. Local, RADIUS, NT, SecureID...
8) DS codepoint marking for traffic shaping.
9) Mechanisms for detecting and throttling widely used attacks.
10) Ability to use a websense server.
11) HA, Hub/spoke IPSec routing, OSPF support coming...

Just my $.02.

-dave



On Sat, Jul 27, 2002 at 02:35:04AM -0400, John Adams wrote:

On Fri, 26 Jul 2002, Erik M. Bataller wrote:


There will be several hundred at least and I figure
that some folks out there may have some interesting thoughts or 
comments on the different platforms that may have escaped us.  We 
are looking for the good, the bad and the ugly.  The critical 
issues are:

  security issues of the individual platform
  management issues (sw, firmware, policy)
  mechanisms for managing virus sw revisions
  dual vs triple interfaces
    we'd like to separate "home" from "work"


Have you considered the Nokia IP120's running Checkpoint? They work 
extremely well for branch offices, and you can admin all of the 
policies from one place using the checkpoint management server.

I was a big fan of PIX for many years, but after adminstering a 80+ 
firewall site at a large search engine provider, all of the issues I

could

discover with checkpoint were outweighed by the fact that you had 
true, functional, central administration.

-john

--
J. Adams http://www.retina.net/~jna

Fiber line / Shine, Enlight the Globe / In Light, communicate / 
Connect. ~~ Lassigue Bendthaus - Fiber

_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


--



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: