- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: Cisco or Checkpoint
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cisco or Check Point
Which is better cisco or checkpoint & why? I am not able to get clear answer to this over the net. Can anybody explain in simple language. From features, pricing and any number of point of view?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cisco focuses on a lot more than just security.
With Check Point, that's all we do.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In other words.
If if you need networking, to Cisco. If security is what you are looking for, go Check Point
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
But, cisco provides security also with ASA. What makes Checkpoint better than Cisco ASA?
Like Pro & Cons for both of them?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For a general answer: WHY CHECK POINT – THE FOUR POINTS
If you can provide a bit more details about your specific use case, we can give you more specific answers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi https://community.checkpoint.com/people/376e8997-fad8-487d-a901-7c9d82a892ff
Pro Check Point:
- easy and faster VPN configuration
- faster policy creation
- more security blades
- open server
- Linux as OS -> scripting
- higher security level
- multi domain management
...
Regards
Heiko
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunatelly every vendor has his own version
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A lot of ASA management functions rely on the use of Java runtime of particular versions, specifically those that are considered insecure.
Additionally, look at this Cisco resource:
Security Advisories and Alerts
and enter "ASA" to see the list of vulnerabilities that this line of products were a subject to.
Then, on the same site, select a "Non-Cisco Product" and look up "Check Point".
The results are pretty conclusive.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And the SourceFire-acquired FirePOWER product integration with Cisco ASA has its own issues, see this very eye-opening reddit thread from actual users of the product:
https://www.reddit.com/r/networking/comments/9363af/cisco_firepower_rant/
--
CheckMates Break Out Sessions Speaker
CPX 2019 Las Vegas & Vienna - Tuesday@13:30
CET (Europe) Timezone Course Scheduled for July 1-2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And this one from last month. Many, many people are unhappy with FirePOWER
https://www.reddit.com/r/networking/comments/9vynr9/cisco_firepower_rant_ii/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hadn't seen this most recent one, thanks!
--
CheckMates Break Out Sessions Speaker
CPX 2019 Las Vegas & Vienna - Tuesday@13:30
CET (Europe) Timezone Course Scheduled for July 1-2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The number of Cisco advisories in the last few years with hardcoded credentials has been pretty alarming.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We previously had a Cisco ASA protecting our Guest Network. Managing that thing was nightmare. It was always refreshing coming back to our corporate CheckPoint firewall interface. The ASA management interface is just so convoluted and more complicated than it needs to be. Not to mention its a Java application. Many basic functions such as NAT and object management are so much more streamlined in CheckPoint. It's hard to describe without you actually having to use one over the other.
Viewing logs is another nightmare on an ASA. It takes more work than it does on CheckPoint. This means you spend far less time debugging.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did some price matching last year, and the Cisco FirePower Product was 2-3 times more expensive for our application.
Also, there have been a spate of vulnerabilities affecting all of Cisco's product in recent history. Palo Alto too has its share of issues in this arena. I can't remember the last time I had to put an emergency patch onto Check Point devices to harden it against something in the wild.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe last time we've had to apply the emergency patch, it was for the heartbleed vulnerability.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My personal feeling is that Cisco's Firewall offerings are overpriced due to people that are willing to pony up the cash to have all of their services be Cisco based. But their Firewalls end up seeming very much like a lot of modules slapped together that don't integrate well. They keep acquiring companies and then instead of integrating their software into the main product you end up needing something like an IPS module that runs a full operating system just for that feature.
CheckPoint's product is more stable and modular to allow the OS to add and remove parts without necessarily needing hardware to do so.
Also fixing issues in CheckPoint is nicer when you are able to login to a full Linux OS to run regular Linux commands and check log files like you could on any Linux server instead of memorizing hundreds of proprietary Cisco commands for every function.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For a very very simple answer, you can't beat Checkpoint logging. One line one answer, you don't have to sift through syslog rolling off your screen or buy another product to see if your connection is working or not. Checkpoints logging solution is top of the line.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For years I have been a firewall admin and worked on both Cisco ASA and Check Point one feature that has always stood out for me is the centralized management with Check Point. So, say I am managing fifty firewalls and I need to roll out 1 rule, the same rule to all of them. On Check Point management I can make the rule once then copy and paste it to all the other firewall policies. On a Cisco ASA firewall I need to login to each one and create the rule. That's a lot of time. I did work for a large company with ASAs and I would have these make rules that needed to be put 50 firewalls and every time I would think this would be so much easier and faster if they was a Check Point environment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've managed Check Point firewalls for lots of years with no exposure to any other vendor until roughly 5 years ago, when it was decided, by management, that we needed to try Cisco ASA. Since we've implemented ASA, I've now been exposed to just how good the Check Point solution is. To Leslie's point, Check Point's central management is the most noticeable difference. If I have the same policy across a large number of firewalls, it's one policy push to all. However, with Cisco, it's copy/paste/paste/paste/paste/etc., with occasional random paste errors.
In the 5 years since we've had both in place, I've seen far more vulnerabilities reported on ASA's than Check Point's as well.
Logging is also a major difference. Check Point offers it natively. With Cisco, you have to use a SIEM solution of some kind.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Better at what? This is an absolutely meaningless question and a waste of time to answer, unless you are specific on what exact parameters and use-case you are talking about.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had the priviledge of using Cisco (ASA, FirePower etc) and CheckPoint. For Network Security my own assessment is Check Point is miles ahead. That holistic integration of services(blades) and its rich-reporting capability also stands-out. Cisco is good also but Check Point is a step ahead.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
agent in AD server and all login and logout event will come to cisco firepower management , in this case user will get single sign authentication when FMC is reachable . suppose for some reason when FMC will goes down or not reachable in that case all user affected which will not be authenticated without FMC. ----------- Other side checkpoint is more reliable because in Checkpoint when Mangement connectivity goes down and unreachable it will not impact on production - only one thing that we can not do changes but network is running good without fluctuation .-------------------->> so in this comparison Checkpoint is good ---For mitigate this limitation in cisco we can make high-availabity for FMC so it will always reachable.
2. In cisco Local user we can not create - we shoule compulsary use authentication method like Radius or LDAP without this method there is no option available to make user locally.
--- Checkpoint have this feature means in checkpoint we can make local user
3.In Cisco when we have multiple objects for service and network etc, so in this case we should create manually - only when we will do migration from asa that will we get in migration tool directly but when we are migrating to cisco firepoer from another OEM we should do manually .
-- In checkpoint newer version R80 provide this feature when we have bulk object we can create through CLI
4.Checkpoint SSL VPN provide OTP integration --- Cisco Firepower don't have option to configure OTP integration with SSL VPN -- they have only option for RSA which is published in new release.
5. IN Checkpoint we can assign IPS and Threat prevation profile to all traffic directly from that blade - in cisco we have to assign IPS and Malware policy to each and every policy . so if we have around 4000 policy so we have to do manual process for all policy.
