Wednesday, March 17, 2010

Checkpoint Firewall..no thanks..

Checkpoint Firewalls remain a bane of my IT existence.

I have worked with many versions...in almost all cases the version I am using is NOT the current version of the software.

Why would so many shops use outdated Checkpoint software? I imagine due to the buggy nature and overall annoyance of the upgrade processes. Sure, if you have a policy server, you can just push the policy to the system.

Just kidding. You need to make sure you have your license correct...make sure you have saved all the local configuration...and don't forget your local.arp...what about routes...sure hope this works....

I've done it...and anyone out there can tell me "oh..it's not that hard..did you export...did you run x, did you.."

All I'm going to say is CISCO or NETSCREEN. I can upgrade in less than 15 minutes...with a cluster I can do it with no downtime. I've done it...could not have been a more pleasurable experience.

Now...how about when it comes time to audit? Ever try to export the rules so they can be reviewed? Good luck with that. Screen capture and print to PDF are not good solutions. I can do a 'sho access-list' on Cisco and export it to MS Excel.
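As an added illustration (not part of the original post), here is what "export the rules and review them" looks like in practice for the Cisco side: a small script that turns the text of `show access-list` into CSV rows for a spreadsheet and runs a couple of audit checks over the same rows. The sample output below is constructed in the style of ASA `show access-list` output, not captured from a real device, and the token layout the parser assumes (`access-list NAME line N extended permit|deny PROTO SRC [port] DST [port] [options] (hitcnt=N) 0x...`) is an assumption about that format; object-groups, named ports and anything else unusual land in the `options` column rather than being interpreted.

```python
import csv
import io
import re

# Constructed sample in the style of Cisco ASA "show access-list" output.
# Not captured from a real device; header/summary lines are included so the
# parser has to skip them.
SAMPLE_SHOW_ACCESS_LIST = """\
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list outside_in; 4 elements; name hash: 0x4bb3b3b3
access-list outside_in line 1 extended permit tcp any host 10.0.0.5 eq 443 (hitcnt=1532) 0x1a2b3c4d
access-list outside_in line 2 extended permit tcp any host 10.0.0.5 eq 22 (hitcnt=0) 0x2b3c4d5e
access-list outside_in line 3 extended permit ip any any (hitcnt=88) 0x3c4d5e6f
access-list outside_in line 4 extended deny ip any any log (hitcnt=0) 0x4d5e6f70
access-list dmz_out; 1 elements; name hash: 0x1234abcd
access-list dmz_out line 1 extended deny ip 192.168.10.0 255.255.255.0 any (hitcnt=0) 0x5e6f7081
"""

# One access-control entry (ACE). Assumed layout; summary lines do not match.
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) "
    r"(?P<type>extended|standard) (?P<action>permit|deny) "
    r"(?P<rest>.*?)\s*\(hitcnt=(?P<hits>\d+)\)(?:\s+0x[0-9a-fA-F]+)?\s*$"
)

ANY = {"any", "any4", "any6"}
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}  # operand count
FIELDS = ["acl", "line", "action", "protocol", "source", "src_port",
          "destination", "dst_port", "options", "hitcnt"]


def _take_address(tokens):
    """Consume one address spec from the front of tokens; return (text, rest)."""
    if not tokens:
        return "", tokens
    head = tokens[0]
    if head in ANY or "/" in head:          # any / any4 / any6 / IPv6 prefix
        return head, tokens[1:]
    if head in ("host", "object", "object-group", "interface"):
        return " ".join(tokens[:2]), tokens[2:]
    return " ".join(tokens[:2]), tokens[2:]  # bare "network mask" pair


def _take_port(tokens):
    """Consume an optional port qualifier (eq 443, range 1 1024, ...)."""
    if tokens and tokens[0] in PORT_OPS:
        n = 1 + PORT_OPS[tokens[0]]
        return " ".join(tokens[:n]), tokens[n:]
    return "", tokens


def parse_show_access_list(text):
    """Return one dict per ACE, in device order; non-ACE lines are skipped."""
    rows = []
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue
        tokens = m.group("rest").split()
        proto, tokens = tokens[0], tokens[1:]
        src, tokens = _take_address(tokens)
        sport, tokens = _take_port(tokens)
        dst, tokens = _take_address(tokens)
        dport, tokens = _take_port(tokens)
        rows.append({
            "acl": m.group("acl"), "line": int(m.group("line")),
            "action": m.group("action"), "protocol": proto,
            "source": src, "src_port": sport,
            "destination": dst, "dst_port": dport,
            "options": " ".join(tokens),        # log, inactive, time-range ...
            "hitcnt": int(m.group("hits")),
        })
    return rows


def to_csv(rows):
    """CSV text with a header row, ready for Excel or a reviewer's diff."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def audit(rows):
    """Simple review checks: wide-open permits, entries they shadow, zero hits."""
    findings = []
    catch_all = {}   # acl name -> line of the first "permit ip any any"
    for r in rows:
        wide_open = (r["action"] == "permit" and r["protocol"] == "ip"
                     and r["source"] in ANY and r["destination"] in ANY)
        if r["acl"] in catch_all:
            findings.append((r["acl"], r["line"],
                             "shadowed by line %d" % catch_all[r["acl"]]))
        elif wide_open:
            findings.append((r["acl"], r["line"], "permit ip any any"))
            catch_all[r["acl"]] = r["line"]
        elif r["hitcnt"] == 0:
            findings.append((r["acl"], r["line"], "zero hits"))
    return findings


if __name__ == "__main__":
    parsed = parse_show_access_list(SAMPLE_SHOW_ACCESS_LIST)
    print(to_csv(parsed))
    for acl, line, note in audit(parsed):
        print("%s line %d: %s" % (acl, line, note))
```

Feed it the saved output of `show access-list` (`python acl2csv.py < show-access-list.txt`, with the `SAMPLE_...` constant swapped for `sys.stdin.read()`) and the CSV opens straight in Excel; the audit pass is deliberately naive, since a catch-all permit followed by a deny-log line is exactly the kind of thing a reviewer wants pointed out rather than hunted for in a screenshot.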

If you are out there and contemplating purchasing Checkpoint firewalls..don't.

If you have Checkpoint firewalls..and are looking to upgrade...upgrade to a Cisco ASA or a Juniper Netscreen.

If you are a Checkpoint administrator and believe it to be the superior firewall platform...you clearly have not had the pleasure of using a system with a command line.

CLI 4 LIFE!

1 comment:

Anonymous said...

Apart from Juniper being absol-f-in useless on NAT.