Thread: Checkpoint VPN over SSL vs Juniper
|
|
| Checkpoint VPN over SSL vs Juniper |
  United States |
2007-10-18 16:46:25 |
Hey Gurus,
I don't want a flame contest or anything here, but am wondering which is the better VPN over SSL solution, Checkpoint or Juniper?
We have Checkpoint appliances so am wondering if Checkpoint's solution is more integrated, and basically whether it holds a candle to Juniper?
Juniper is the market leader, so they must be doing something right, but I want to know from you gurus who may have played with them both which is better.
We have a mix of users (Windows, Mac, Linux) in case that matters, and should only have up to 50 concurrent sessions.
Thanks in advance,
Al
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner ts.checkpoint.com
=================================================
|
|
| Re: Checkpoint VPN over SSL vs Juniper |

|
2007-10-18 17:22:26 |
Just thought I would weigh in on this. I helped support 600+ VPNs on Junipers for the DOD, and am currently managing 200+ VPNs on a Checkpoint (R65). I have to say that it is easier to manage Checkpoint VPNs and troubleshoot them, especially in our environment where we have an exorbitant amount of NATs and firewall rules. The Juniper's central management sucked, in my opinion, to the point where we would have to manually create the device configs by hand, and then use NSM to push. Supporting the Juniper was a lot like supporting Cisco devices, in that you have to search text files or output, hunting and searching for the configs for certain VPNs, NATs, and rules affected by an issue. You can forget about using the web GUI for any troubleshooting or log monitoring unless you are a very small shop. Troubleshooting the VPNs took a lot longer (in my opinion) because the logging/management features are not as good as Checkpoint's. I'm not sure anyone would argue that (including Juniper).
Having such a large environment of Juniper VPNs (pretty much every device and configuration and version of ScreenOS Juniper makes), I ran into a lot of bugs, including anomalous VPN failures that were only resolved by rebooting the clustered devices, and strange VPN failures (key exchange) which were only solved by reloads, or solved by having an updated patched version of ScreenOS sent to us in emergency situations.
Others' mileage may vary, but in my opinion Checkpoint VPNs win hands down just for ease of support and administration if nothing else. I'm not a Netscreen "hater" by any means, and I would take Netscreen over Pix or ASA any day... But it just can't compare to Checkpoint.
Just my 2 cents,
Justin Ross
|
|
| Re: Checkpoint VPN over SSL vs Juniper |

|
2007-10-18 17:34:47 |
I've been using Checkpoint's SSL Network Extender and also the Juniper SSL box, and the best one was the F5 SSL solution. It was the best; the SSL plug-in for Firefox works perfectly with Linux and Mac. That's why I like it: you can have there a bit of Checkpoint's Connectra, such as web applications, and many things. Maybe it can be a good option.
Regards.
Jose Valdivia
Firewall Engineer
Perot Systems
CCSA CCSE WCSA NCMA NCMP
|
|
| Re: Checkpoint VPN over SSL vs Juniper |
  Romania |
2007-10-19 02:25:05 |
I've played both with Juniper SA appliances and with CP Connectra and I wouldn't recommend Connectra.
|
|
| Re: Checkpoint VPN over SSL vs Juniper |
  United States |
2007-10-19 03:45:27 |
I've tried both the Juniper SSL VPN appliance and the Checkpoint Connectra. Juniper appliances are better than the Connectra (more useful, more functional and easily manageable). I recommend Juniper SSL SA appliances.
Regards
Yaşar SARCAN
Network & Security Engineer (CCSA, JNCIA, CCNA)
|
|
| Re: Checkpoint VPN over SSL vs Juniper |
  United States |
2007-10-19 17:31:00 |
We use RSA SecurID with a Juniper SA-2000 for remote access.
I did use Check Point ICA certificates with a Connectra R62 box in my previous job.
As long as you stay away from plain old user name and password, you'll be in a lot better shape almost regardless of what you use.
Ray
> Date: Fri, 19 Oct 2007 14:10:47 -0500
> From: jlindblom MICO.COM
> Subject: Re: [FW-1] Checkpoint VPN over SSL vs Juniper
> To: FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM
>
> Just a general question for you guys since we are on this topic. We are looking at one of these products for SSL VPN and looking at the authentication, what are you guys using for the SSL VPN Authentication for the clients?
>
> Thanks,
> John
|
|
| Re: Checkpoint VPN over SSL vs Juniper |
  United States |
2007-10-20 15:26:10 |
I have greatly appreciated everyone's input on my question. It has been very informative.
Whilst most of the usage will be browser based for our Windows, Mac & Linux users, we also use SSL, DB management and Secure FTP software as well. Does this change the selection at all?
It seems to me from what I'm hearing here that the Juniper is market leader for a reason. It seems that Checkpoint's options are lagging behind in usability and options, even though they are improving and catching up over time.
Please correct me if my analysis of the responses was incorrect.
It's Checkpoint's lack of true support for Mac OS (6 - 12 months VPN software lag after OS upgrades) and lack of Linux VPN client that is driving this search, and while we're at it Ray, I will be recommending an RSA SecurID sidekick to the project to beef up security for our users using cyber cafes (I know they will no matter how many times you warn them) and other public networks.
Al
|
|
| Re: Checkpoint VPN over SSL vs Juniper |
  Romania |
2007-10-20 15:58:48 |
Alan Choyna wrote:
> I have greatly appreciated everyone's input on my question. It has been very informative.
>
> Whilst most of the usage will be browser based for our Windows, Mac & Linux users, we also use SSL, DB management and Secure FTP software as well. Does this change the selection at all?
No. Juniper SSL has something called Network Connect that will allow your users full-blown network access if they need it (in order to run other applications that are not browser based).
The SA also supports running Remote Desktop Protocol and SSH via a Java applet that they provide.
>
> It seems to me from what I'm hearing here that the Juniper is market leader for a reason. It seems that Checkpoint's options are lagging behind in usability and options, even though they are improving and catching up over time.
Hardly.
>
> Please correct me if my analysis of the responses was incorrect.
>
> It's Checkpoint's lack of true support for Mac OS (6 - 12 months VPN software lag after OS upgrades) and lack of Linux VPN client that is driving this search, and while we're at it Ray, I will be recommending an RSA SecurID sidekick to the project to beef up security for our users using cyber cafes (I know they will no matter how many times you warn them) and other public networks.
>
Check Point uses an ActiveX control in the browser. This should tell you a lot about what browsers are supported with their Connectra software.
For Linux the latest secure client kernel module is for RedHat 7.3 and they don't seem to care that there are a lot of Linux users in the world.
|
|
| Re: Checkpoint VPN over SSL vs Juniper |
  United States |
2007-10-20 19:47:37 |
>> Whilst most of the usage will be browser based for our Windows, Mac & Linux users, we also use SSL, DB management and Secure FTP software as well
Juniper does not have any pre-defined host checks, such as for a software firewall or anti-virus, for platforms other than Windows. They do let you check for specific files and running processes on Macs and Linux so you can create your own.
> The SA also supports running Remote Desktop Protocol and SSH via a Java applet that they provide.
Yep. We have some Mac users running the Microsoft RDP client for the Mac (a free download) and using the Java functionality to RDP to Windows boxes. They also use Network Connect for SSH to the Linux boxes.
> Check Point uses an ActiveX control in the browser. This should tell you a lot about what browsers are supported with their Connectra software.
> For Linux the latest secure client kernel module is for RedHat 7.3 and they don't seem to care that there are a lot of Linux users in the world.
Agreed. It's very odd behavior on their part. Even worse, if you have hundreds of SecureClient licenses as we did, they make you buy new licenses for SecureClient for the Mac. This kind of nickel-and-dime behavior really sours management on their products.
Ray