How is Cisco ASA Firewall different from CheckPoint?

IT Manager
  • Total 1 Answer
  • 15266
Can You answer this question?

There is a vast difference between Cisco ASA Firewall and CheckPoint Firewall. Below, I am mentioning the difference amid two on the basis of different parameters –

·      Throughput –

Cisco ASA Firewall throughput ranges from 5 Gbps up to 20 Gbps (Low-end device - on 5500 Series supports 5Gbps, High-end Device supports 20Gbps), with VPN throughput reduces from 1Gbps to 5Gbps, with IPS Performance it will reduce further.

Checkpoint Firewall throughput ranges from 3Gbps up to 200 Gbps (Low end device 2200 Appliance supports 3Gbps, High end Device 61000 supports 200Gbps), with IPS, throughput reduces from 2Gbps (on the lower end device) to 85 Gbps (on the higher end device).

·      Context based mode –

Context based mode is available in Cisco ASA Firewall whereas Checkpoint Firewall has a similar offering which is known as Security Gateway Virtual Edition (VE).

·      Gateways –

Cisco ASA Firewall can have only 2 gateways in an active/active Cluster. On the contrary Checkpoint Cluster XL can support up to 5 Gateways in a cluster.

·      Cluster –

Cisco ASA active/active is not a true cluster (active/active) since it is available or useable only if you are running multiple contexts (one context will be active on one gateway and another context is active on another gateway) whereas Checkpoint Cluster XL is a true cluster, you can utilize all the 5 gateways simultaneously.

·      FQDN –

Cisco ASA Firewall doesn't support FQDN while it is supported in Checkpoint Firewall.

·      User-based access

It is not possible in Cisco ASA Firewall while it can be provided in Checkpoint Firewall (Identity awareness blade) based on active directory login information.

Hope, it helped you to understand the difference between Cisco ASA Firewall and Checkpoint Firewall. An in-depth knowledge about firewalls is covered in Cisco CCNP Security certification and CCIE Security certification.