Educause Security Discussion mailing list archives

Re: CheckPoint vs ASA


From: "Barros, Jacob" <jkbarros () GRACE EDU>
Date: Mon, 14 Apr 2008 16:54:10 -0400

Echo the management comment about ASDM.  I learned PIX management and
configuration on command line and was reluctant to use the ASDM, but now
I do most changes and maintenance through the GUI.  We migrated from PIX
to ASA 5500 this summer seamlessly.

The Cisco VPN client can be repackaged with preconfigured settings, so
rolling out VPN to previous users was painless.  I have the installer
out on our portal and just sent an email with the instructions.  So far
I have no complaints. 

I have had nothing but good experiences with Cisco support.
Documentation is always out there, updates are easy to find, tech
support calls are resolved in a timely fashion.


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jenkins, Matthew
Sent: Monday, April 14, 2008 3:25 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CheckPoint vs ASA

I have not used Checkpoint in the past.  I have used a variety of other
vendors in the past.  We use Cisco ASAs here.  The ASDM GUI makes it
very easy to learn, especially for folks new to the ASAs.  Because I
have had previous PIX experience, I still use the console for some
tasks, however most of the everyday maintenance is done through the ASDM
now.  I think it is Cisco Security Manager that allows you to centrally
manage the ASAs.  We don't use the product, but saw it advertised once.
That may be more similar to the management style the Checkpoint
firewalls use.  Overall we have had great success with the ASAs.  Unless
you are doing more advanced stuff like OSPF route maps, the ASDM GUI
will take care of most tasks.

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
304.367.4955
Visit us online at www.fairmontstate.edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Disterhaft, Brian
Sent: Monday, April 14, 2008 2:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] CheckPoint vs ASA

To all:

In the near future, I will be faced with the task of replacing our aging
firewall (CheckPoint FW-1 running on IPSO).  CheckPoint has served us
very well for a number of years and it's the only firewall platform
(outside of Microsoft ISA Server) that I am familiar with.  However, I
have grown increasingly frustrated with the hefty price tag for
support/software subscriptions as well as the quality of support
received from CheckPoint.

I have looked into alternatives, and at this point have decided that
Cisco's ASA appliance would be a viable option at a much lower annual
cost.  Support, Performance, VPN capabilities and integrated IPS were
factors in the decision.

Realizing this is a lot like asking a GM vs. Ford question, I'd like to
hear experiences from those on the list that have faced a similar
situation or are currently using ASA.  My main concern revolves around
the management of ASA as I've heard that it can be cumbersome especially
for those whose experience lies with platforms like CheckPoint.

Thanks in advance for your help.

Brian M. Disterhaft
Systems and Network Manager
Ripon College
Phone: (920) 748-8381
EMail: disterhaftb () ripon edu         
