Of course CheckPoint is the number one firewall, but it is the most expensive one.
If you are searching for a comparison matrix, here it is (Link).
I want to replace your Juniper with FortiGate (which I am using). If you want to go with FortiGate, you should consider:
1- Make sure your Active Directory server (or LDAP connection) is healthy enough to handle multiple, repeated connections, as this is how the device authenticates users.
2- Make sure you have a good backend support contract with either Fortinet or the local vendor who sold it to you. You'll have lots of questions and will need answers quickly.
3- Plan your storage space. You'll get lots of logs, and lots of data. Decide what you need and for how long; if you connect a FortiAnalyzer, it will be better.
4- Recommended if you want to build a strong active/active cluster.
For the Cisco ASA you have almost no flexibility, the Java web interface is super slow and stiff for lack of a better term, and implementing major features such as LAG (802.3ad) or port redundancy is quite an odyssey. And we're not talking about UTM yet for IPS, anti-virus, etc., which are a separate set of licenses and integrations.
In regards to Checkpoint, I was never a fan of running such a critical app like my security gateway/firewall or UTM system on top of any operating system. Just think about blue screens on Windows, for instance; you are at the mercy of the OS, its performance issues and, most critically, its vulnerabilities. It's like securing your network with iptables (Linux)/pf firewall (BSD), or Windows Firewall/MS ISA Server and trusting it blindly.
You may want to base your analysis first on UTM (firewall, IPS, app control, DLP, anti-virus, user authentication, anti-spam, malware/spyware, etc.). Then look at performance specs (concurrent conns/sec, memory, storage capacity, packets/sec, throughput on firewall/IPS/antivirus/VPN), and finally the infrastructure portion of it, that is, what their approach is to solving high availability, clustering, link aggregation, standby links and, very important, session management and failover of your stateful connection tables. Don't forget to check what kind of support you will receive from the manufacturer and/or local vendor. Choose the one that has the most benefits in terms of protection features, ease of management, high availability and support.
I hope I made it clear to you :)
among are quite well use Juniper SRX or ASA