Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

firewall-wizards logo Firewall Wizards mailing list archives

RE: PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?
From: Gregory Austin <greg () austinconsulting com>
Date: Thu, 01 Aug 2002 23:07:42 -0500
All,
Now I know why the moderator doesn't like to allow product X versus product Y discussions. :)
I wish I could shed light on this Netscreen ASIC rule limit, but as it's never actually come up for me in the real world (I guess I've been blissfully unaware if it's actually a problem) I couldn't really tell you. I can tell you that in my experience there are some good size shops using the equipment in question without problems.
What is truly funny to me about this discussion is that, while I'm arguing the Netscreen side for the most part here, I generally sell more Checkpoint when I'm influencing customer decisions. Many of my customers have needs that are better served by the Checkpoint platform (client VPN needs, odd authentication needs, central management of a dozen firewalls etc.) But if you just want to compare price:performance ratios (which an awful lot of customers are interested in doing, now more than ever) it's hard to not at least consider some of the appliance devices on the market.
The problem now is that even in places where Checkpoint is a good fit, how do you answer a customer who asks "Did you know that I can buy a fail-over *pair* of PIXs for what you people are charging me for one year of my unlimited license Checkpoint subscription & support?" You might think you can just tell them it has more features, easier management, etc., but when their budgets have just been slashed by forty percent companies tend to become somewhat cost-centric. I like Checkpoint's product just fine--but I think they're pricing themselves out of the market.
It may sound like I'm price-fixated, but that's just a reflection of my customers' demands. I have a strong suspicion that if Microsoft puts a little work into ISA server we're all going to see a lot of small to mid-size companies using that for their gateways. And it won't be because it's the best solution that it will gain market share, it will be because the price is right. 

     Again, these opinions are my own, and surely not those of my employer,

Greg
CISSP, CCSE, etc.

P.S.  Bloated rule bases still suck.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]