- A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: PIX VS CheckPoint [7:40136] posted 04/08/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

With PDM 2.0 and PIX OS 6.2 you will be able to do this. It was suppose to
be out last month.. I guess they are still working the bugs out of it...

CCIE 9015

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx]On Behalf Of
Mark Odette II
Sent: Monday, April 08, 2002 2:48 AM
To: cisco@xxxxxxxxxxxxxx
Subject: RE: PIX VS CheckPoint [7:40136]

Timo- Which version of the PDM are you referring to that has the VPN config

I have 1.1.2 now, and I have not found that functionality... Am I just
overlooking something!?!?!

TIA for your response.

-Mark Odette II

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx]On Behalf Of
Timo Graser
Sent: Sunday, April 07, 2002 7:05 AM
To: cisco@xxxxxxxxxxxxxx
Subject: Re: PIX VS CheckPoint [7:40136]

The Pix has also a browser interface. The only disadvantage in the past
was, that you could not configure a vpn. With the new pdm you will be
able to do this too.

So the only things in the future to do at cli will be to run setup and
then log in over your browser.

Jeffrey Reed wrote:

>IPSO comes with a nice web browser interface that I can teach a customer in
>a matter of minutes. You only need to access command line when you have
>support on the line. Also, Nokia certifies each CheckPoint release with
>their IPSO operating system to make sure they are more than compatible.
>is a good solution if you're running CheckPoint. As X said, never run your
>firewall on NT!!
>Jeffrey Reed
>Classic Networking, Inc.
>-----Original Message-----
>From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx]On Behalf Of nrf
>Sent: Tuesday, April 02, 2002 9:21 PM
>To: cisco@xxxxxxxxxxxxxx
>Subject: Re: PIX VS CheckPoint [7:40136]
>I knew somebody was going to come back with that.  All-right fine, it is
>indeed true that Ipso is a hacked version of Unix.  But then again, so is
>Cisco IOS and Juniper JunOS, and you could say that it helps to have
>knowledge of Unix to run either of those (especially JunOS).    The point I
>was trying to make is that by using a Nokia Ipso box, you don't subject
>yourself to the full-blown intricacies of Unix like you do when installing
>Checkpoint software on, say, a Sun box. I was trying to say that  you could
>get by with less Unix skills than you could otherwise, I was not saying
>you could get by with an absolute 100% complete whole-nine-yards lack of
>Unix knowledge.  Now, whether you consider that to be a good or bad thing
>in the eyes of the beholder.
>""colin newman""  wrote in message
>>Nokia?s IPSO OS is Unix.  It?s a ?hardened? and customize version of
>>FreeBSD.  I?ve worked on Nokia/CheckPoint boxes and it does help to have
>>knowledge of Unix.  I have not had the chance to work with PIX yet so I
>>can?t comment on the merits of a CheckPoint/Nokia vs. PIX.  The only
>>negative thing I have to say about CheckPoint is their idiotic licensing
>>scheme, it a pain and can be very confusing.
>>nrf wrote:
>>>On the other hand, there's a distinct third option, which is to
>>>Checkpoint on a dedicated hardware appliance, for example the
>>>Nokia Ipso
>>>line of gear.  This removes one of the Checkpoint disadvantages
>>>(don't need
>>>to know Unix or NT), but introduces another disadvantage (less
>>>flexible -
>>>you should have included in your advantages that regular
>>>Checkpoint is more
>>>flexible than Pix because you can integrate it with Unix and
>>>enjoy all the
>>>features of Unix, but of course with a Nokia, you don't have
>>>that).  In
>>>fact, the Pix and the Nokia Checkpoint are so close that it's
>>>almost a wash.
>>>I believe the Pix is faster, but the Nokia Checkpoint is still
>>>more flexible
>>>(but not as flexible as Checkpoint software).
>>>""Nurudeen Aderinto""  wrote in
>>>>Dear x,
>>>>I love your presentation. You spoke well.
>>>>""x""  wrote in message
>>>>>I have setup and managed both PIX and Checkpoint in a
>>>>>variety of environments.  I think they are both solid
>>>>>options in different situations.  Here is how I market
>>>>>these products.
>>>>>- more cost effective
>>>>>- fast
>>>>>- you can have fail over
>>>>>- Can be more complicated to setup the CLI, but PIX
>>>>>has a nice feature of allowing all traffic out and
>>>>>none in by default.
>>>>>Who would I market this for?
>>>>>I would target this as an ideal candidate for small
>>>>>companies with rulesets that don't change much.  They
>>>>>also need a Cisco savy person to manage it, usually a
>>>>>consultant.  I am guessing you would fill this role.
>>>>>I have only made minor changes in the firewall I have
>>>>>managed for almost two years.
>>>>>- nice GUI for ruleset management
>>>>>- more expensive
>>>>>- required to know Unix or NT ( for the love of God
>>>>>don't use NT.  Its security is very poor out of the
>>>>>box and requires a great deal of configuration to
>>>>>become mildly secure )
>>>>>Who would I market this toward?
>>>>>I would target larger companies with Checkpoint.  It
>>>>>is easier to manage the ruleset, but more setup time
>>>>>and more costly.  I would also say this solution is
>>>>>slightly slower and more prone to security issues
>>>>>since you have to patch the OS and the firewall
>>>>>--- Jeffrey Reed  wrote:
>>>>>>Has anyone performed or seen an in depth study of
>>>>>>PIX vs Checkpoint? I have
>>>>>>a customer who is looking at both. Ive read various
>>>>>>magazine articles, but
>>>>>>nothing from real people such as this group! :)
>>>>>>Jeffrey Reed
>>>>>>Classic Networking, Inc.
>>>>>>Cell 717-805-5536
>>>>>>Office 717-737-8586
>>>>>>FAX 717-737-0290
>>>>>Do You Yahoo!?
>>>>>Yahoo! Tax Center - online filing with TurboTax

Message Posted at:
FAQ, list archives, and subscription info:
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx