Which firewall is better: 1) ASA, 2) Juniper SRX, 3) Checkpoint?

Question added by Asad Maqsood, Lecturer/Network Engineer, Sarhad University of Science & Information Technology
Date Posted: 2013/12/29
Mostafa Abdo
by Mostafa Abdo , Senior Infrastructure and Security Architect , Devoteam

Of course CheckPoint is the number one firewall, but it is the most expensive one.

Daoud Daoud
by Daoud Daoud , Information Technology Operations Team Lead , Hikma Pharmaceuticals - Jordan

If you are searching for a comparison matrix, here it is (Link).

I want to replace your Juniper with FortiGate (which I am using). If you want to go with FortiGate, you should consider:

1- Make sure your Active Directory server (or LDAP connection) is healthy enough to handle multiple, repeated connections, as this is how the device authenticates users.

2- Make sure you have a good backend support contract with either Fortinet or the local vendor who sold it to you. You'll have lots of questions and will need answers quickly.

3- Plan your storage space. You'll get lots of logs and lots of data. Decide what you need and for how long; if you connect a FortiAnalyzer, it will be better.

4- Recommended if you want to build a strong active/active cluster.

For the Cisco ASA you have almost no flexibility, the Java web interface is super slow and stiff for lack of a better term, and implementing major features such as LAG (802.3ad) or port redundancy is quite an odyssey. And we're not talking about UTM yet for IPS, anti-virus, etc., which are a separate set of licenses and integrations.

In regards to Checkpoint, I was never a fan of running such a critical app like my security gateway/firewall or UTM system on top of any operating system. Just think about blue screens on Windows, for instance; you are at the mercy of the OS, its performance issues and, most critically, its vulnerabilities. It's like securing your network with iptables (Linux)/pf firewall (BSD), or Windows Firewall/MS ISA Server and trusting it blindly.

You may want to base your analysis first on UTM (firewall, IPS, apps control, DLP, anti-virus, user authentication, anti-spam, malware/spyware, etc.). Then look at performance specs (concurrent conns/sec, memory, storage capacity, packets/sec, throughput on firewall/IPS/antivirus/VPN), and finally the infrastructure portion of it, that is, what their approach is to solving high availability, clustering, link aggregation, standby links and, very important, session management & failover of your stateful connection tables. Don't forget about checking what kind of support you will receive from the manufacturer and/or local vendor. Choose the one that has the most benefits in terms of protection features, ease of management, high availability and support.

I hope I made it clear to you :)

mohammed akram
by mohammed akram , Network Enginee , Digital Oasis Information Technology company

Among are quite well, use Juniper SRX or ASA.
