comparison between cisco pix and checkpoint

[sebastan_bach]

hi everyone i would like to have a healthy discussion between the features of cisco pix and checkpoint either over SPLAT or Nokia. the advantages and disadvantages as compared to cisco pix. the features that are available and not available in both the firewalls. justa healthy discussion i got nothing again cisco pix not against checkpoint. thank u . hope to see a lot posts on this topic.

sebastan

[bvanniekerk]

Eish...

The best way of doing this is to probably make a list of all the things you know what CP can do and what PIX can do.
Depends on what you want to compare as well...user interface / features / cost / ease of operation...
Maybe you should clarify what you wish to compare?
Rgrds
b

[Sergej]

My opinion PIX - sux, CheckPoint Rocks. :)
The main advantage of PIX - it cost per bandwidth. In our region (with extremely low ISP connections, e.g. 2mbps for 500-700 employees company) CheckPoint cant beat PIX by price.

I suggest you to compare (Cisco PIX + Cisco router) bundle vs CheckPoint PIX. Also you can try to find competitive chit sheets from the both companies. Comparing is very funny.

P.S. Note that PIX is gone away and are planned to to EOL (not officially) the current box is ASA. ASA running same code like a PIX, but have better CPU and one expansion slot. In this expansion slot you can slide another independent "mini-blade-server" (e.g. Service Module). Under the ASA you can push selected streams to tis service module for analys (stream can be returned back). There is to service modules avalable IPS (low perf and high per versions) and Anti-X. IPS running Cisco IPS 5.X code, Anti-X runs Trend Micro code.

[Sergej]

Also you can run SmartClients in demo mode vs Cisco ASDM (Cisco finally release special Demo Mode enabled version, but I did not get one yet) and click all the check boxes you can.

[sebastan_bach]

hi sergej i want as per features wise granularity and power of controlling traffic and application inspection. which one would u consider. checkpoint or pix. i know pix sucks big time. i have worked on it a lot. netscreen is also a good one these days . share u views with us. thanks and bye

sebastan

[Sergej]

By googling "pix vs checkpoint filetype:pdf" you can find a lot of interesting documents. Some are fresh, some are pretty old. For example
http://perpos.gtri.gatech.edu/public...%202005-01.pdf
http://www.naspa.com/PDF/2003/0603/T0306002.pdf
http://www.tolly.com/ts/2005/Checkpo...thAppendix.pdf

Try to find something good by yourself and post here. Personally I can only feedback on pretty small scale Cisco and CheckPoint projects.

[RayPesek]

A local reseller (www.hurricanelabs.com) runs a fantastic demo. They put a real Pix in front of a virtual Windows web server (some recent patches missing) and run MetaSploit against it to install a VNC command shell in a matter of seconds. They then reload the Windows web server from the backup VM and put a CP firewall in front of it.

No matter what MetaSploit attack they run against it, SmartDefense and CP stop it cold.

Very convincing as to why old-technology firewalls like the Pix are bad news in today's world.

Ray

[Sergej]

(This was an April First joke)
More info can be found here:
http://lnk.in/3gt4

The game is over. Cisco and Checkpoint not a competitors any more. This is one company.

"Check Point and Sourcefire to withdraw CFIUS application for acquisition"
http://www.checkpoint.com/press/2006...ire032306.html

"Cisco announces acquisition of Check Point Software Technologies Ltd."
http://newsroom.cisco.com/dlls/2006/...r-01-2006.html

After Checkpoint decided to eat the small fish he was eaten by himself by Cisco.
How soon we will see Cisco VPN-1? SmartDefence integrated to the ASA? From the personal experience Cisco is very fast in integrating new product to the own portfolio.

[kva.kva]

It's really good news about CP and Cisco. I read about it on SecurityFocus (http://www.securityfocus.com/news/01046). Soon we will take very powerful security products.

[Lackie]

I think that you have been feed some incorrect information. Both of your links are bad. I really don't think that Cisco has taken over Check Point.

The Check Point and Sourcefire issue appears to be real though. US govt quashed their purchase of Sourcefire.

[Sergej]

Quote:

Originally Posted by Lackie

I think that you have been feed some incorrect information. Both of your links are bad. I really don't think that Cisco has taken over Check Point.

The Check Point and Sourcefire issue appears to be real though. US govt quashed their purchase of Sourcefire.

Looks like they want to hide this acquisition issue from public for a while. This is explosive news. That is why the link is disappeared. Look for the NASDAQ and you can understand it by yourself - http://quotes.nasdaq.com/quote.dll?p...&selected=CSCO

[chillyjim]

This is not real. Cisco is not buying Check Point.

[Lackie]

I'll only believe it when I'm told to start supporting Cisco. This is probably about as truthfull as when the news of Cisco was purchasing Nokia a few months back.

[Sergej]

This was an April First joke.

More info can be found here:
http://lnk.in/3gt4

[kva.kva]

Sorry, guys. Really it's a joke :)

[danilody]

For one, you can create FQDN object in Checkpoint but not in PIX. This is important specially for domains with multiple IP Addresses or frequently change IP Address