Comment Re:Netscreen is pretty crappy (Score 1) 35
After working with PIX's, Checkpoints, Netscreens and Fortigates, I would go for Checkpoints every single time, given the exhorbitent amount that Checkpoints cost. I find the Netscreen web GUI really oddly put together (but administration consoles for any firewall take getting used to), and have seen them go flakey after a couple of months of uptime (dropping random packets to ports, etc.) with the only solution a restart.
The Checkpoints (especially the IPSO based Nokia boxes) are rock solid, and packed with features (if you want to pay that high price). We have several of these boxes (IP 330's, IP 350's, IP 390's) that have been running great for years with no issues. We push a hell of a lot of traffic through them, and don't get the issues we've seen with some Netscreens.
The Fortigates got off to a bad start with us - they do weird things too, especially when they're clustered. The GUI is really slick, but sometimes too many features just get in the way of what you want to get done.
The PIX's are really nice too, and seem to "just work". I've less experience with these than the others, but I'd go for a PIX over a Netscreen any day.
The Checkpoints (especially the IPSO based Nokia boxes) are rock solid, and packed with features (if you want to pay that high price). We have several of these boxes (IP 330's, IP 350's, IP 390's) that have been running great for years with no issues. We push a hell of a lot of traffic through them, and don't get the issues we've seen with some Netscreens.
The Fortigates got off to a bad start with us - they do weird things too, especially when they're clustered. The GUI is really slick, but sometimes too many features just get in the way of what you want to get done.
The PIX's are really nice too, and seem to "just work". I've less experience with these than the others, but I'd go for a PIX over a Netscreen any day.
