I am not the one wanting the change. We currently have a Pix 525 for a
connection to 3 hospitals over a private network. One of the other
hospitals IT department is being run by my director. The firewall at the
other site is some product called InstaGate, and it needs to be replaced.
Their Pix cannot handle the throughput needed. My director is replacing
the Pix of that side with an ASA-5520, and replacing our Pix with the
same. Someone told him that this ASA box can handle that traffic and
everything our Checkpoint firewall dishes out. Our Checkpoint supplies 10
IPSEC tunnel to vendors/doctors. We have 3 apps hosted over the internet
for Physicians/Radiologists/Nursing Homes to use. These 3 apps supply big
time data down to the client. It also does the normal internet/email
traffic, and VPN client stuff. We have probably around 75 VPN users (not
concurrent).
My director figures that we have this kick-ass ASA box, so we might as
well put everything together into one box, and get rid of Checkpoint. I
hate the idea of losing Checkpoint, and I would probably lose out on being
the firewall admin, as the current Pix guy is our Cisco guy, and I know
nothing about Cisco IOS.
I thank everyone for your opinion on this. I need as much information
about strengths/weaknesses on both products, so I can make my case. I had
a conference call today with a gut from Checkpoint and with our supplier,
to talk about this.
Thanks,
Sean
Simon Wilkinson <wilkis AT hotmail DOT com>
11/22/2006 12:47 PM
To
<sean.donaghey AT hdgh DOT org>
cc
Subject
RE: [FW-1] Checkpoint vs. Cisco ASA
Hi,
Firstly why are you looking to change?, is it to fit in with the rest of
the hardware or some other reason?.
IMHO, NGX gives you a lot more out of the box than the ASA, I've used the
5510 and that didn't come with IPS built in, it required another module so
NGX gives you better protection from that point of view. You may want to
consider throughput aswell as some of the ASA figures are theoretical
clear text figures and so may not actually deliver that speed in your
working environment. Depending on what platform you're using if that box
died then rebuilding ngx on another box could be a lot quicker/cheaper
than having a spare ASA device. With the Cisco device you can have what is
known as security contects, these are like virtual firewalls and is great
if you have a requirement for multiple firewalls then the ASA with
multiple contexts can give you x number of virtual firewalls, each with
their own config. The software for the ASA is much nicer and user-friendly
than previous offerings.
Have you thought about retraining costs as well.
Hope this helps, let me know if yo uhave any other questions I may be able
to help with.
Cheers
Simon
----------------------------------------
> Date: Wed, 22 Nov 2006 12:18:58 -0500
> From: Sean.Donaghey AT HDGH DOT ORG
> Subject: [FW-1] Checkpoint vs. Cisco ASA
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>
> Hi,
>
> Our company is considering replacing our Checkpoint firewall for a Cisco
> ASA-5520 appliance. Does anyone on this list have any experience with
ASA
> box, and if so what is your opinion on them. We are currently running
> R55 on our Corrent SR200 appliance, and are looking at migrating to a
Dell
> Poweredge 1950 server with R61/R62 (not sure which is best to go to).
>
> I need some ammunition on pros/cons of Cisco compared to Checkpoint.
>
> Any information would greatly be appreciated.
>
> Thanks,
>
> Sean
>
>
>
> The information contained in this e-mail message is confidential and
> protected by law. The information is intended only for the person or
> organization addressed in this e-mail. If you share or copy the
> information you may be breaking the law. If you have received this
e-mail
> by mistake, please notify the sender of the e-mail by the telephone
number
> listed on this e-mail. Please destroy the original; do not e-mail back
> the information or keep the original.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
_________________________________________________________________
Be one of the first to try Windows Live Mail.
http://ideas.live.com/programpage.aspx?versionId=5d21c51a-b161-4314-9b0e-4911fb2b2e6d
The information contained in this e-mail message is confidential and
protected by law. The information is intended only for the person or
organization addressed in this e-mail. If you share or copy the
information you may be breaking the law. If you have received this e-mail
by mistake, please notify the sender of the e-mail by the telephone number
listed on this e-mail. Please destroy the original; do not e-mail back
the information or keep the original.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
