More Pros-Cons of NanoVision

So we hired one of those whiz-bang Cisco geek smart guys who was a Palo Alto admin in his past 2 gigs, about 8,000 users each. These are his pros and cons:

Pros:

– easy to manage and understand, quick learning curve
– stable
– good support
– licensing is simpler than Cisco and CP
– good for small shops
– integration with AD was good
– Cisco weenie says if you have ASA, it's a no-brainer to move to PA. If you have CP it
   is a sideways move: some pluses and some minuses.

Cons:

– groups have a 500 limit and then you must create more sub/groups for objects
– Objects can be either global objects or firewall-specific objects. No way for
  1 object to be shared by several specific firewalls. Zones are used to assign
   rules to a group of firewalls but CANNOT hold objects.
– Small firewalls have limits on the number of objects they support, so be careful with
   a large number of shared objects, especially if you have lots of global shared objects
– logging is poor at scale
– they are hemorrhaging cash, $200M+ in the last year; when do they hit the wall?

SUMMARY: Good for small shops. Larger shops will hit the wall when buying bigger appliances because the underlying software does not scale that well for a large number of objects/users/rules, etc.

Once again MDS has not been replaced, the heart and soul of CP. Everyone and their mother can implement security technologies (ACLs, AV, antibot, IPS, antispam, etc.), but so far only CP can converge them into a SCALABLE single pane of glass security management (as long as they test them this time before they ship!!!)

Comments

  • AndreasF  On January 1, 2015 at 4:25 am

    If you think MDS is scaling to manage firewalls, you might want to talk to Barracuda Networks. The Barracuda NG Firewall (ex-Phion) really is scalable. They have their own issues, but scalability isn’t one of them. One of their customers is managing several 100 instances with two (2) FTEs, try that with Check Point (or Palo or Cisco using Cisco software).
    It is a good product, especially once you have understood their design.

    • Dreezman  On January 2, 2015 at 9:56 am

      This is one of the best replies I have ever gotten. I agree, firewalls are firewalls – The differentiator is CAN YOU MANAGE THEM!!!

      Don’t know anything about Barracuda but I’m glad you shared this with the world. Thanks a ton.

      One thing about Barracuda marketing and brand. If you type firewall into google, or have ever been in an airport (big ads), this is the brand I associate with firewalls.

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.
