[j-nsp] SRX vs Checkpoint (4800)
pkc_mls
pkc_mls at yahoo.fr
Mon Nov 25 10:30:26 EST 2013
Le 24/11/2013 08:51, Skeeve Stevens a écrit :
> Hey all,
>
> I have a customer where we have been slowly deploying Juniper (instead of
> Cisco) for their routing and switching, and that has been going well.
>
> But the other day they asked me about replacing their Checkpoint 4800's
> with Juniper SRX. For their needs, I am thinking of a pair of SRX550's.
> But, I would like to justify my advice... Does anyone have any
> comparisons, etc... for Checkpoint 4800's (or that family) against SRX's?
>
> Also, rather than just touching command-line to create/change rules... is
> there any GUI management tool for SRX firewall rules? I've heard of Space,
> but the Juniper website only really talks about it in 'concept' and I can't
> even tell if its a physical, virtual or app platform, and what it would
> look like.
>
> I've also heard of JACL - a non-supported migration/management tool, but it
> seems to have disappeared from the net.
Hi,
To me it depends which features your customer requires :
- nice gui, user authentication, vpn ssl, logs ?
- strong routing capabilities, cli config ?
Why did they ask to replace the checkpoint ?
What does your customer like or doesn't like with checkpoint ?
Regarding how to migrate, there are tools available to export
configuration from checkpoint (check cprules or odumper/ofiller).
Keep in mind that checkpoint is not a zone based firewall, which means
that you have to find a way to specify the zone if you wish to migrate
automatically from checkpoint to juniper.
hope this helps.
More information about the juniper-nsp
mailing list