I work in an environment where I have to be familiar with
Cisco Pix,
Checkpoint on Nokia and Juniper Firewall and I agree that
Checkpoint
wins hand-down in terms of centralize management.
Checkpoint
TAC support, is another matter.
Juniper SSL VPN is much better product than Checkpoint
Connectra.
We are going to deploy Juniper SSL VPN soon in my new job
and
so far I am very happy with Juniper SSL VPN. Juniper TAC
support
is much better than Checkpoint TAC.
F5 FirePass is also a very good product but TAC support
is
just as bad as checkpoint
That's my 2c
Justin Ross <jross CRICKETCOMMUNICATIONS.COM> wrote:
Just thought I would weigh on this. I helped support 600+
VPN's on
Junipers for the DOD, and currently managing 200+ VPN's on a
Checkpoint
(R65). I have to say that it is easier to manage Checkpoint
VPN's and
troubleshoot them, especially in our environment where we
have an
exorbitant amount of NAT's and firewall rules. The Juniper's
central
management sucked, in my opinion, to the point where we
would have to
manually create the device configs by hand, and then use NSM
to push.
Supporting the Juniper was a lot like supporting Cisco
devices, in that
you have to search text files or output, hunting and
searching for the
configs for certain VPN's, NAT's, and rules effected by an
issue. You
can forget about using the web GUI for any troubleshooting
or log
monitoring unless you are a very small shop. Troubleshooting
the VPN's
took a lot longer (in my opinion) because the
logging/management
features are not as good as Checkpoint, I'm not sure anyone
would argue
that (including Juniper).
Having such a large environment of Juniper VPN's (pretty
much every
device and configuration and version of ScreenOS Juniper
makes) I ran
into a lot of bugs, including anomalous VPN failures that
were only
resolved by rebooting the clustered devices, and strange VPN
failures
(key exchange) which was only solved by reloads, or solved
by having
updated patched version of the ScreenOS sent to us in
emergency
situations.
Other's mileage may vary, but in my opinion Checkpoint VPN's
win hands
down just for ease of support and administration if nothing
else. I'm
not a netscreen "hater" by any means, and I would
take Netscreen over
Pix or ASA any day... But it just can't compare to
Checkpoint.
Just my 2 cents,
Justin Ross
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Alan
Choyna
Sent: Thursday, October 18, 2007 2:46 PM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Checkpoint VPN over SSL vs Juniper
Hey Guru's,
l don't want a flame contest or anything here, but am
wondering which is
the better VPN over SSL solution, Checkpoint or Juniper?
We have checkpoint appliances so am wonder if checkpoints
solution are
more integrated, and basically whether it holds a candle to
Juniper?
Juniper is the market leader, so they must be doing
something right, but
l want to know from you guru's who may have played with them
both which
is better.
We have a mix of users (Windows, Mac, Linux) in case that
matters, and
should only have up to 50 concurrent sessions.
Thanks in advance,
Al
=================================================
To set vacation, Out-Of-Office, or away messages, send an
email to
LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription
options,
email fw-1-ownerts.checkpoint.com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection
around
http://mail.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
