RE: ASA vs Checkpoint

From: David Chances (davidchances@yahoo.com)
Date: Wed Jul 23 2008 - 15:39:11 ART

• Next message: Biggs, Jeff \(M/CIO/BIE\): "RE: ASA vs Checkpoint"
• Previous message: Otto Rupp: "Re: Backbone confusion"
• Maybe in reply to: dip: "ASA vs Checkpoint"
• Next in thread: Biggs, Jeff \(M/CIO/BIE\): "RE: ASA vs Checkpoint"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Some companies just don't know how to use Checkpoint properly, hence they blame the product. A seasoned product will not just randomly drop packets. If you balls up the configuration it will, if you install and use it the way it was designed it won't.

This is the same problem people have with MS products, too easy to throw the blame when you can't get it to work.

--- On Wed, 7/23/08, Biggs, Jeff (M/CIO/BIE) <JBiggs@usaid.gov> wrote:
From: Biggs, Jeff (M/CIO/BIE) <JBiggs@usaid.gov>
Subject: RE: ASA vs Checkpoint
To: "dip" <diptanshu.singh@gmail.com>, ccielab@groupstudy.com, security@groupstudy.com
Date: Wednesday, July 23, 2008, 9:14 AM

We are presently getting off "Chokepoints" and moving to Junipers. We
have had Chokepoints in our network for about 8 years and while we were
running Checkpoint 2000 software (first 3 years), we never had an issue.
When we had to upgrade to Chokepoint NG, life has sucked ever since and
we have had nothing but problems. Particularly with our VPN setup. We
were running a Point to Multipoint VPN solution and the firewall could
not handle the load, even with the VPN accelerator card installed. We
also had issues with the Horizon Manager software and how slow it was to
make changes to the Firewall since we Centrally Managed them.

But to top it off, we had a problem where the Firewalls were randomly
dropping GRE packets. This fiasco turned into a 6 month nightmare of
our NOC and Firewall team pointing fingers at one another. We finally
brought in Cisco, Chokepoint and Nokia, since Nokia is the preferred
Hardware platform of Chokepoint. After a week of being locked in a room
together, Nokia found that the Chokepoint software kernel on the NIC was
dropping the GRE packets. That turned into another finger pointing
contest between Chokepoint and Nokia. We finally just said the heck
with it and during our Tech Refresh of the Security perimeter, we did an
evaluation of Juniper vs. Chokepoint.....well from this email you can
tell who won.

Jeffrey Biggs
CCIE #21127 (R&S)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
dip
Sent: Tuesday, July 22, 2008 4:02 PM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: ASA vs Checkpoint

Hi Guys,

i have to evaluate between Cisco ASA and Checkpoint for a big
enterprise. I
think this is a better place to ask since lot of people would have
worked on
both products.

Please provide me all the plus points which you saw in checkpoint which
you
think currently Cisco ASA doesn't have or vice versa.
Also what feature's checkpoint has which you think should be must in
cisco
Firewalls .

Thanks
Dip

• Next message: Biggs, Jeff \(M/CIO/BIE\): "RE: ASA vs Checkpoint"
• Previous message: Otto Rupp: "Re: Backbone confusion"
• Maybe in reply to: dip: "ASA vs Checkpoint"
• Next in thread: Biggs, Jeff \(M/CIO/BIE\): "RE: ASA vs Checkpoint"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART