From: George He (georgeh@adstream.com.au)
Date: Sun Feb 15 2004 - 19:12:16 GMT-3
Since PIX 6.3, PIX support logical interface, so you can configure up to
24 interfaces in one 535 box, 10 interfaces on 515E box.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/co
nfig/bafwcfg.htm#1113411
Can you give us more flexibility limit on PIX?
Regards
George
-----Original Message-----
From: Craig Columbus [mailto:craig.columbus@columbusconsulting.com]
Sent: Monday, February 16, 2004 7:38 AM
To: 'Wright, Jeremy'
Cc: ccielab@groupstudy.com
Subject: RE: PIX vs. Checkpoint
You're really comparing apples and oranges when talking about Checkpoint
and PIX. Having put in many Checkpoint and PIX installations, given the
choice, I'd put in a Netscreen. Yeah, I know we don't know what the
future holds since the Juniper stock swap, but IMHO, Netscreen is a
better bargain for your money over both Checkpoint and PIX. Support
stinks, but the products are solid and very easy to implement and
manage. Netscreens edge out PIX on features and edge out Checkpoint on
cost and ease of implementation.
That said, I just finished putting in a HA Checkpoint solution (Sun
gateways running SecurePlatform, Windows 2000 SmartCenter). It works
flawlessly, even failing over VPN connections with barely a blip.
Installation, however, was less than straightforward due to some strange
bugs and licensing issues. And, as other people have noted,
Checkpoint's support is less than stellar. Sometimes you deal with
someone knowledgeable, but most of the time you're lucky if you get
someone who even has a basic understanding of the product.
Cisco's support is far superior (though I've had increasing difficulty
with them as well over the last couple of years). The good news,
seemingly unlike Checkpoint, is that you can always escalate to someone
knowledgeable.
The PIX is a much simpler device than the Checkpoint solution. It's
solid, fast, and reliable, but doesn't offer nearly as much flexibility.
For example, I needed to add a couple more interfaces to my Checkpoint
implementation, so I grabbed a couple of NICs off the shelf. If I need
more later, I can always add more.
Bottom line? Given a choice, I'd choose Netscreen, followed by
Checkpoint (even with their licensing and support problems), followed by
PIX.
Just my opinion...
Craig
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Wright, Jeremy
Sent: Friday, February 13, 2004 3:52 PM
To: 'ccielab@groupstudy.com'
Subject: OT:PIX vs. Checkpoint
> Any recommendations between the 2 for an enterprise solution? The docs
I've read has them pretty close. High availability, load balancing, and
manageability are key.
>
>
>
>
>
>
>
> *****************************************
> Jeremy Wright
> CCIE# 11168
> Network Engineer
> Archer Daniels Midland
> wright@admworld.com
> (217)451-4063
>
> *****************************************
>
>
CONFIDENTIALITY NOTICE:
This message is intended for the use of the individual or entity
to which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If the
reader of this message is not the intended recipient or the employee or
agent responsible for delivering this message to the intended recipient,
you are hereby notified that any dissemination, distribution or copying
of this communication is strictly prohibited.
If you have received this communication in error, please notify
us immediately by email reply or by telephone and immediately delete
this message and any attachments. In the U.S. call us toll free at
(800) 637-5843.
Spanish, French, French (Canada), Portuguese, Polish, German,
Dutch, Turkish, Russian, Japanese and Chinese:
http://www.admworld.com/confidentiality.htm.
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:50 GMT-3