Thanks to: Adam L. Lonnie R. Jennifer S. Asher F. Wade S. Steve P. Ed M. Mark Most comments are below with the original question at the end. A very humble thanks to all those who responded so quickly. With the exception of one individual, I received very helpful comments. Though the jury is still out, most seemed to find that anything utilizing Check Point was favorable. Again thanks, Marc B. ************************************************************* We used to run Sun E250's with Checkpoint FW1. I understand that the Nokia appliances kick butt in performance over a standard Sun. We then switched to PIX 515s. Couldn't stand them. Cisco upgraded us to 520s at no cost because of the problems we had. I generally don't deal with the firewalls, because I don't speak Cisco-ese, but I can't *stand* the PIXes. I'll take a Checkpoint firewall any day. I understand they're powerful, but frankly, the interface and rules system is so convoluted that it drives me nuts. Also, it's apparently not easy to just add an intermediate rule -- you have to tear down the whole ruleset and rebuild it. Checkpoint is much friendlier in this regard. As for logging, I don't know what the Nokia can do, but I wish I had better logging from the PIX. I haven't even looked at the Nokia, but I'd be inclined to buy it over the PIX. -Adam ************************************************************* Have you looked at the Netscreen gear??? Easy to manage, very good throughput, however it may be a little bit more expensive. ************************************************************* We are using Nokia IP530 w/ Check Point. (I'm sure of the Nokia model) I think we went for that solution due to $$$ but not sure. The Nokia's are very stable and we haven't had a problem yet. We implemented about 2 months ago. Thank you, Jennifer S ************************************************************* I would definitely go for the checkpoint/nokia direction if cost is not the issue. checkpoint configuration flexibility is alot better. IMHO PIX works fine in simple/typical networks, but gets really complicated when you're on a larger network with a lot of subnet and requirements. the only complain I have for checkpoint is it's pricing. Asher ************************************************************* I have used both and prefer the checkpoint solution for the following reasons: Admin is easy and intuitive. Add ons such as transparent http/smtp/ftp virus scanning / filtering are abundant. Logging and reporting are way better on checkpoint. -Wade ************************************************************* I use both in our environment, and I find the Nokia/FW1 mix to be a good choice if you have to deal with PHB's and GUI-only types. While the PIX offers some nice GUI tools, I like being able to SSH or telnet in and work on the command line. Since VPN isn't an issue, you won't go wrong with either. I think it's going to be a matter of price and personal preference. Ed M. ************************************************************* I run 26 firewalls world wide. 22 are Check Point on Sun, 4 are Pix. I've set up Nokia two different times with license problems each time. I use Check Point for it's logging, debugging, support, and the way it hides most of the complexity so others understand the firewall too. I'm replacing the 4 Pix with Check Point, and moving all VPN to Cisco as all sites are fully meshed VPNs to all other sites, and I don't like that attacks bring down my VPN tunnels at times. Mark ************************************************************* Your opinion is valued... We are trying to decide between the Cisco PIX 525 and the Nokia IP530 w/Check Point. Does anyone have any opinions about either of these, be it good or bad? _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Jun 19 14:23:25 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:47 EST