NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Checkpoint vs. Netscreen



Title: Message
I work with both Checkpoint and NS and as noted, each product has its strengths and weaknesses.  Personally, I prefer the NetScreen for stability, simplicity, and for the fact that it doesn't make assumptions about my VPN proposals that I didn't tell it to make.  In addition I'll admit having a distinct bias against any FW that needs a popular OS (hardened or otherwise) underneath it.
 
But I have to say that the flexibility of the Checkpoint product, most notably having the ability to tweak the living daylights out of your policies *offline* out of the box, and having the ability to have multiple policies floating about, is a strong plus on their side.  I think to get the kind of flexibility Checkpoint offers on the NS platform, you have to get into NS Global Manager (or whatever they're calling it these days) and that means shelling out a lot more than just the cost of procuring and installing the box.
 
I think the bottom line for me is that a NetScreen is a great set-it-and-forget-it device.  If you have a more dynamic environment Checkpoint may be the better solution.  Or, as it probably occurs in real life, the same organization may do best with a Checkpoint in one place and an NS in another.
 
Dang, now I have to have both or I'll feel deprived :)
 
-----Original Message-----
From: Christopher Gripp [mailto:[email protected]]
Sent: Wednesday, April 24, 2002 1:25 PM
To: [email protected]
Subject: Re: [FW-1] Checkpoint vs. Netscreen

As a LAN 2 LAN VPN appliance goes the NS is MUCH better than the Checkpoint.  For software clients the CP Securemote is better than the IRE client that Netscreen uses. 
 
We deploy and manage both and they each have their strengths and weaknesses but the above mentioned are probably the biggest in my mind.
 




Christopher Gripp
Systems Engineer
Axcelerant

"Impartiality is a pompous name for indifference, which is an elegant name for ignorance."  G.K. Chesterton

-----Original Message-----
From: Faris, Craig [mailto:[email protected]]
Sent: Wednesday, April 24, 2002 12:41 PM
To: [email protected]
Subject: [FW-1] Checkpoint vs. Netscreen

We currently own Checkpoint VPN-1 on NT (256 user version).  I now have 3 (20-60 user) branch offices behind this firewall and need to upgrade to Enterprise.  We have about 100 internal users who browse the Web and I have 2 small VPN based (2-3 user) remote offices using DSL.  We are located in Ontario, Canada.  Quotes I have been getting are in the $13,500-$14,500CDN (9000-9600USD approx.) for the upgrade and I will go from $2500/year (cdn) for software subscription to $5000/year (cdn).
Total Today = $18500
 
I am having trouble justifying this cost and I am considering buying a Netscreen-25 (approx $5250MSRP cdn (one time) + $900/year) or Netscreen-50 (approx $8900cdn one time) + 1950/year.)
Total to Replace Today = $10850
 
Does anyone have any input on the Netscreen vs Checkpoint? Thanks in advance.


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.