Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

Which firewall is better, 1) ASA 2) juniper SRX 3) Checkpoint ?

user-image
Question added by Asad Maqsood , Senior Network Engineer , Wireless Communication Channels est
Date Posted: 2013/12/29
Mostafa Abdo
by Mostafa Abdo , Senior Infrastructure and Security Architect , Devoteam

of course CheckPoint is number one Firewall, but it is the most expensive one.

Daoud Daoud
by Daoud Daoud , Information Technology Operations Team Lead , Hikma Pharmaceuticals - Jordan

If you are searching for a comparison matrix her it is ( Link )

 

i want to replace your Juniper with FortiGate ( which am using ), if you want to go with Forti-Gate you should consider :

 

1- Make sure your Active Directory server (or LDAP connnection) is healthy enough to handle multiple, repeated connections, as this is how the device authenticates users

2-Make sure you have a good backend support contract with either Fortinet or local vendor who sold it to you. You'll have lots of questions and will need answers quickly

3-Plan your storage space. You'll get lots of logs, and lots of data. Decide what you need and for how long , if you connect a forti-analyzer will be better

4-Recomended if you want to build a strong active/active cluster.

 

For the Cisco ASA you have almost no flexibility, the Java web interface is super slow and stiff for lack of a better term, and implementing major features such as LAG (802.3ad) or port redundancy is quite an oddysey. And we're not talking about UTM yet for IPS, Anti-virus, etc, which are a separate set of licenses and integrations.

 

 

In regards to Checkpoint, I was never a fan of running such a critical app like my security gateway/firewall or UTM system on top of any operating system. Just think about blue-screens on windows for instance; you are at the mercy of the OS, its performance issues and most critical its vulnerabilities. It's like securing your network with iptables (linux)/pf firewall (BSD), or Windows Firewall/MS ISA-server and trusting it blindly.

 

You may want to base your analysis first on UTM (Firewall, IPS, apps control, DLP, anti-virus, User authentication, anti-spam, malware/spyware, etc). Then look at performance specs (concurrent conns/sec, memory, storage capacity, packets/sec, throughput on firewall/IPS/antivirus/vpn), and finally the infrastructure portion of it, that is what's their approach to solve high-availability, clustering, link aggregation, standby links and very important, session management & failover of your stateful connection tables. Don't forget about checking what kind of support you will receive from the manufacturer and/or local vendor. Choose the one that has the most benefits in tems of protection features, ease of management, high-availability and support.

 

I hope I made it clear to you :)

mohammed akram
by mohammed akram , Network Enginee , Digital Oasis Information Technology company

among are quite well use junipersrx or asa

More Questions Like This