[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Checkpoint vs. Netscreen
Title: Message I work
with both Checkpoint and NS and as noted, each product has its strengths and
weaknesses. Personally, I prefer the NetScreen for stability,
simplicity, and for the fact that it doesn't make assumptions about my VPN
proposals that I didn't tell it to make. In addition I'll admit
having a distinct bias against any FW that needs a popular OS (hardened or
otherwise) underneath it.
But I
have to say that the flexibility of the Checkpoint product, most notably having
the ability to tweak the living daylights out of your policies *offline* out of
the box, and having the ability to have multiple policies floating
about, is a strong plus on their side. I think to get the kind of
flexibility Checkpoint offers on the NS platform, you have to get into NS Global
Manager (or whatever they're calling it these days) and that means shelling out
a lot more than just the cost of procuring and installing the
box.
I
think the bottom line for me is that a NetScreen is a great set-it-and-forget-it
device. If you have a more dynamic environment Checkpoint may be the
better solution. Or, as it probably occurs in real life, the same
organization may do best with a Checkpoint in one place and an NS in
another.
Dang,
now I have to have both or I'll feel deprived :)
-----Original Message-----
From: Christopher Gripp [mailto:[email protected]] Sent: Wednesday, April 24, 2002 1:25 PM To: [email protected] Subject: Re: [FW-1] Checkpoint vs. Netscreen
|