RE: ASA vs Checkpoint

From: Biggs, Jeff (M/CIO/BIE) (JBiggs@usaid.gov)
Date: Wed Jul 23 2008 - 10:14:14 ART


We are presently getting off "Chokepoints" and moving to Junipers. We
have had Chokepoints in our network for about 8 years and while we were
running Checkpoint 2000 software (first 3 years), we never had an issue.
When we had to upgrade to Chokepoint NG, life has sucked ever since and
we have had nothing but problems. Particularly with our VPN setup. We
were running a Point to Multipoint VPN solution and the firewall could
not handle the load, even with the VPN accelerator card installed. We
also had issues with the Horizon Manager software and how slow it was to
make changes to the Firewall since we Centrally Managed them.

But to top it off, we had a problem where the Firewalls were randomly
dropping GRE packets. This fiasco turned into a 6 month nightmare of
our NOC and Firewall team pointing fingers at one another. We finally
brought in Cisco, Chokepoint and Nokia, since Nokia is the preferred
Hardware platform of Chokepoint. After a week of being locked in a room
together, Nokia found that the Chokepoint software kernel on the NIC was
dropping the GRE packets. That turned into another finger pointing
contest between Chokepoint and Nokia. We finally just said the heck
with it and during our Tech Refresh of the Security perimeter, we did an
evaluation of Juniper vs. Chokepoint.....well from this email you can
tell who won.

Jeffrey Biggs
CCIE #21127 (R&S)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of dip
Sent: Tuesday, July 22, 2008 4:02 PM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: ASA vs Checkpoint

Hi Guys,

I have to evaluate between Cisco ASA and Checkpoint for a big enterprise. I
think this is a better place to ask since a lot of people would have worked on
both products.

Please provide me all the plus points which you saw in Checkpoint which you
think currently Cisco ASA doesn't have or vice versa.
Also what features Checkpoint has which you think should be a must in Cisco
Firewalls.

Thanks
Dip


