  1. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,081

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #1

    CheckPoint vs ASA?

    hey guys

    do you see many companies going to Checkpoint firewalls, and is Checkpoint Cisco (my gut says it is not)? But why are many companies not going with the Cisco ASA type? Is it because Cisco is less user friendly for non Network Engineers?

    thanks

  3. Senior Member jovan88's Avatar
    Join Date
    May 2008
    Location
    Sydney, Australia
    Posts
    388

    Certifications
    CCNP R&S, CCNP Sec
    #2
    checkpoints are very popular firewalls, we use the UTM-1 a lot. They're easy to configure but their support isn't that great

  4. The Bringer of Light DevilWAH's Avatar
    Join Date
    Jan 2010
    Location
    UK
    Posts
    2,967

    Certifications
    CCENT, CCNA, CCNA Security, ITIL Foundation, CCNP SWITCH,ROUTE, Zoology BSc,
    #3
    I know a lot of companies go for Checkpoint, but you do also see a LOT of PIX firewalls around on job specs, which are of course Cisco.

    The reason you see PIX rather than ASA is just because many companies are not going to upgrade until their PIX gets towards end of life.

    I think one reason is cost. Cisco are expensive, so many smaller companies can't justify the cost, and as you said you need expertise to install an ASA firewall. They seem to be aimed more at the companies with a dedicated network department, rather than the more generic companies where the network is not the driving force behind the business, which look for the plug and play options.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.

  5. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    2,005

    Certifications
    CCNP, JNCIP-ENT, JNCIS-SP, JNCIA, JNCDA, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #4
    One key thing has kept my company from moving from checkpoint to ASAs. Crappy management tools, ASDM is nice but not for managing MANY clusters of firewalls. Provider-1 with check point is much easier to use for troubleshooting, rule management, and other stuff of that nature. We're beta testing the new Cisco Security Manager though so we will see if it matches up.

  6. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,583

    Certifications
    SpecterOps: Powershell Adversary Tactics, SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #5
    I would say your assumption of Checkpoint being easier / user friendly for non network engineers is dead on the spot. I have never worked with Checkpoint but if it's a GUI based firewall then yeah, I can see why non-networking engineers would have a blast with click and point setup.

    I prefer Cisco ASA because when **** hits the fan I can get granular in my troubleshooting. Anything software based, you're stuck calling in tech support trying to figure out probably the simplest of problems. I also prefer the ASA because I spent countless hours studying and working with the device.

    I was looking at their certifications and wow their official book materials and labs are pretty steep. $600 bucks!
    https://www.checkpoint.com/CourseWare/OrderHomePage.jsp

    I figured it's probably not bad to look into one or two certs from these guys since they are in fact one of the top firewall companies out there. But wow, I'm not going to invest 600 on reading material.

    Edit: never mind, I guess it's a full course class.
    Last edited by chrisone; 04-07-2010 at 04:46 PM.
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), SpecterOps: PowerShell Adversary Tactics (completed), eCPPT (2nd attempt), LFCS (4th attempt )
    2018 Goals: eCPPT, OSCP

  7. Senior Member itdaddy's Avatar
    Join Date
    Jan 2006
    Posts
    2,081

    Certifications
    A+, MCP, CCNA R/S, CCNA-Security, CCNA Collaboration, CCNP R/S
    #6
    wow thanks guys for your insight... yeah, hope Cisco gets on the ball with their ASDM. You would think they would

  8. Senior Member Sett's Avatar
    Join Date
    Feb 2009
    Posts
    174

    Certifications
    CC[NI]P; JNCIA:Junos; JNCIS-ENT
    #7
    I have worked with both, and must say that I like Checkpoint better. Not because it is "easy", it just lets you achieve the same results much faster. You can also keep track of your configurations and rules much more effectively and it is less error-prone.
    I cannot see ASDM becoming so well designed any time soon.

    However, the main advantage of a FW is not how nice an interface it has, it is all about productivity and reliability. The experts should tell which one is better by these criteria.
    Last edited by Sett; 04-08-2010 at 07:05 AM.

  9. Senile old fart laidbackfreak's Avatar
    Join Date
    Oct 2007
    Location
    wandering t'internet
    Posts
    991

    Certifications
    CISSP, CCVP, CCNAV, CCNAS, CCNA
    #8
    Quote Originally Posted by Sett View Post
    I have worked with both, and must say that I like Checkpoint better. Not because it is "easy", it just lets you achieve the same results much faster. You can also keep track of your configurations and rules much more effectively and it is less error-prone.
    I cannot see ASDM becoming so well designed any time soon.

    However, the main advantage of a FW is not how nice an interface it has, it is all about productivity and reliability. The experts should tell which one is better by these criteria.
    +1 for this. I have also worked with both, and while everyone has mentioned the GUI, keep in mind that Checkpoint does also have a CLI too. So while most work is done through the GUI, every now and then you need\can go to the CLI and troubleshoot\change etc. there too.

  10. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #9
    I see either Checkpoint or Sidewinder (McAfee Enterprise) firewalls being used mostly.

    Watch security trends and see which has more vulnerabilities released against them.

    Review Monster.com, Indeed.com, Dice.com and Clearancejobs.com, to see what related certifications for those firewalls are most desired. The results will point you to where you need your training in.

    Food for thought, though: in multi-tier networks do not choose the same firewall for each tier. Different vendor hardware/software improves security because the same exploit does not work in all tiers.

  11. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #10
    Quote Originally Posted by Chris:/* View Post

    Food for thought, though: in multi-tier networks do not choose the same firewall for each tier. Different vendor hardware/software improves security because the same exploit does not work in all tiers.
    That's subjective. If you can provide the same level of expertise for each vendor's appliances then it's true, but that is rare. What you gain in multi-tier exposure reduction from diversity you can quite easily lose in the levels to which each is configured correctly, also added complexity when attempting troubleshooting and forensics later.

  12. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #11
    Quote Originally Posted by Ahriakin View Post
    That's subjective. If you can provide the same level of expertise for each vendor's appliances then it's true, but that is rare. What you gain in multi-tier exposure reduction from diversity you can quite easily lose in the levels to which each is configured correctly, also added complexity when attempting troubleshooting and forensics later.
    Very good points, but when moving to multi-tier networks and security, the architecture and training should have been thought out long before implementation. This is almost never the case, as you stated. I do agree with you; unfortunately the average System Admin (SA) or Network Admin (NA) shop does not have the experience or skills needed for deploying or maintaining such a setup.