Educause Security Discussion mailing list archives

Re: CheckPoint vs ASA

From: Tim Cantin <tcantin () WELLESLEY EDU>
Date: Mon, 14 Apr 2008 15:33:53 -0400

We switched from Solaris-based CheckPoint Firewall-1's to Cisco PIX's in
2005, and have been in much better space ever since. Not only the pricing
and support issues which of course were becoming factors, but the firewalls
were starting to fail on us as well (with no hope in sight). It was one of
those quick, "emergency" purchases I've made that I actually didn't regret -
because you know you usually end up regretting purchases made under those
circumstances!

We are now in the process of migrating to ASA's.

T

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Disterhaft, Brian
Sent: Monday, April 14, 2008 2:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] CheckPoint vs ASA

To all:

In the near future, I will be faced with the task of replacing our aging
firewall (CheckPoint FW-1 running on IPSO).  CheckPoint has served us
very well for a number of years and it's the only firewall platform
(outside of Microsoft ISA Server) that I a familiar with.  However, I
have grown increasingly frustrated with the hefty pricetag for
support/software subscriptions as well as the quality of support
received from CheckPoint.

I have looked into alternatives, and at this point have decided that
Cisco's ASA appliance would be a viable option at a much lower annual
cost.  Support, Performance, VPN capabilities and integrated IPS were
factors in the decision.

Realizing this is a lot like asking a GM vs. Ford question, I'd like to
hear experiences from those on the list that have faced a similar
situation or are currently using ASA.  My main concern revolves around
the management of ASA as I've heard that it can be cumbersome especially
for those whose experience lies with platforms like CheckPoint.

Thanks in advance for your help.

Brian M. Disterhaft
Systems and Network Manager
Ripon College
Phone: (920) 748-8381
EMail: disterhaftb () ripon edu






-Tim

---
Tim Cantin, Senior Network Engineer
Wellesley College, IS/Technology Infrastructure Group
223 Simpson Hall East, 106 Central Street
Wellesley, Massachusetts 02481-8203
http://www.wellesley.edu/~tcantin/
phone: (781)283-3520 fax: (781)283-3682

Current thread:

CheckPoint vs ASA Disterhaft, Brian (Apr 14)
- <Possible follow-ups>
- Re: CheckPoint vs ASA Jenkins, Matthew (Apr 14)
- Re: CheckPoint vs ASA Tim Cantin (Apr 14)
- Re: CheckPoint vs ASA Consolvo, Corbett D (Apr 14)
- Re: CheckPoint vs ASA Barros, Jacob (Apr 14)
- Re: CheckPoint vs ASA Basgen, Brian (Apr 14)
- Re: CheckPoint vs ASA Paul Keser (Apr 14)
- Re: CheckPoint vs ASA Stephen John Smoogen (Apr 14)