CheckPoint vs ASA?
itdaddy
Senior MemberMember Posts: 2,089 ■■■■□□□□□□
hey guys
do you see many companies going to checkpoint firewalls and is checkpoint cisco (my gut says it is not) but why are many companies not
going with Cisco ASA type is it because Cisco is less user friendly for non
Network Engineers?
thanks
do you see many companies going to checkpoint firewalls and is checkpoint cisco (my gut says it is not) but why are many companies not
going with Cisco ASA type is it because Cisco is less user friendly for non
Network Engineers?
thanks
Comments
The reson you see PIX rather than ASA is just becuse many compinies are not going to upgrade untill there PIX gets towards end of life.
I think one reson is cost, Cisco are expensive, so many smaller compinies can't justifie the cost, and as yousiad you need expertise to install a ASA firewall. They seemed to be aimed more at thecompanies with a dedicated network department, rather than the more generic compinies where the network not the driving force behine the business, which look for the plug and play options.
I prefer Cisco ASA because when **** hits the fan I can get granular in my troubleshooting. Anything software based your stuck calling in tech support trying to figure out probably the simplest of problems. I also prefer the ASA because i spent countless hours studying and working with the device.
I was looking at their certifications and wow their official book materials and labs are pretty steep. $600 bucks!
https://www.checkpoint.com/CourseWare/OrderHomePage.jsp
I figured its probably not bad to look into one or two certs from these guys since they are infact one of the top firewall companies out their. But wow im not going to invest 600 on reading material.
Edit: nevermind i guess its a full course class.
2022 Goals:
Certs: EnCE (Phase 1 - Passed, Phase 2 - awaiting results), eCPTXv2 (in progress), SC-300 (in progress), AZ-500, SC-100
Course: BC Security - Empire Operations 1 (completed), Zero Point Security - CRTO (course completed)
I can not see ASDM to become so well designed any time soon.
However, the main advantage of a FW is not how nice interface it has, it is all about productivity and reliability. The experts should tell which one is better by this criteria.
+1 for this, I have also worked with both and while everyone has mentioned the gui keep in my that checkpoint does also have a cli too. So while most work is done through the gui every now and then you need\can go to the cli and trouble shoot\change etc there too.
Watch security trends and see which has more vulnerabilities released against them.
Review Monster.com, Indeed.com, Dice.com and Clearancejobs.com, to see what related certifications for those firewalls are most desired. The results will point you to where you need your training in.
Food for thought though in multi-tier networks do not choose the same firewall for each tier. Different vendor hardware/software improves security because the same exploit does not work in all tiers.
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology
That's subjective. If you can provide the same level of expertise for each vendor's appliances then it's true, but that is rare. What you gain in multi-tier exposure reduction from diversity you can quite easily lose in the levels to which each is configured correctly, also added complexity when attempting troubleshooting and forensics later.
Very good points, but when moving to multi-tier networks and security the architecture and training should have been thought out long before implementation. This is almost never the case as you stated. I do agree with you unfortunately the average System Admin (SA) or Network Admin (NA) shop does not have the experience or skills needed for deploying or maintaining such a setup.
M.S. Information Security and Assurance
B.S. Computer Science - Summa Cum Laude
A.A.S. Electronic Systems Technology