Naddyboy, I really doubt you'd find a Check Point evaluation.. you'd be better off checking out a trial version. Check Point as a firewall is actually a whole lot of modules, you buy licenses for whatever you want to use and on the CD you get demos of all their other stuff.
The Cisco PIX is a box.. whereas Check Point is software. Also Check Point can be deployed in a distributed system.. hmm I actually have some short notes I wrote on CP NG a while ago as a general description.. I'll just post it here, keep in mind that some of the details may have changed:
Check Point Firewall-1 NG is a stateful multilayer inspection firewall consisting of a
1. GUI where security policy is defined
2. Management Server where the policy and logging is saved
3. Firewall module deployed at gateways where the security policy is loaded
The three components can be distributed through the network in a client-server model to provide a distributed solution with central management and secure remote administration using X.509 certificates. Inter-module communication is done via SSL using 3DES or RC4. The firewall supports authentication through ‘security servers’ for HTTP, FTP, telnet and rlogin. It also features content security for FTP, HTTP and SMTP including third-party virus scanning and stripping ActiveX and Java tags from HTML.
The firewall maintains a rule base against which packets are checked and according to which rule they match, the appropriate action can be taken. The action need not be simple accept / reject, but can also involve NAT, authentication, and encryption.
The stateful inspection mechanism stores the state of each connection in a ‘state table’; this allows it to monitor the entire communication session. It is intelligent enough to recognize sessions such as FTP where the data and control ports are different. The firewall, through its OPSEC architecture, can export the rule base into ACLs (access-control lists) for many third-party products such as routers etc., and can upload the ACLs to them automatically.
Check Point supports the following crypto algorithms: AES, DES, 3DES, IPsec and digital certificates for PKI (public key infrastructure) enabled systems. It can map NT logon data (username etc.) to IP addresses for single sign-on, rules based by user and easier log reading.
There is an optional ConnectControl load balancing module which allows you to group many servers offering the same services to one IP address, for example all the web servers can be grouped to one IP address and the module can distribute requests to them on a round robin basis, by server load, by ping time, randomly, or by proximity (domain name). This is transparent to the users who think they are querying a single web server.
All systems running with the firewall module share the state information for redundancy; in case one system fails, the other module will seamlessly pick up the connection. This is also useful in situations where some of the packets may be routed through a different gateway and thus that gateway also needs to have access to the state table.
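
The state-table behaviour described in the notes above (rule base, connection tracking, and recognising the FTP data connection negotiated on the control port), as an added example that is not part of the original post and is not Check Point code. The class, the rule format and the addresses are hypothetical, constructed for illustration.

```python
import re

# Active-mode FTP "PORT h1,h2,h3,h4,p1,p2" command seen on the control channel.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")

class StatefulInspector:
    """Toy stateful filter (hypothetical): rule base + state table + FTP awareness."""

    def __init__(self, rules):
        self.rules = rules      # ordered (dst_port | "any", action); first match wins
        self.state = set()      # tracked connections: (src, sport, dst, dport)
        self.expected = set()   # anticipated FTP data connections: (src, dst, dport)

    def _rule_action(self, dport):
        for port, action in self.rules:
            if port in (dport, "any"):
                return action
        return "drop"           # default deny when no rule matches

    def _track_ftp(self, conn, payload):
        src, _sport, dst, dport = conn
        m = PORT_RE.match(payload)
        if dport != 21 or not m:
            return
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return
        # Only honour a PORT command that names the client's own address.
        if ".".join(map(str, octets[:4])) != src:
            return
        # Expect the server to open a data connection back to the client.
        self.expected.add((dst, src, octets[4] * 256 + octets[5]))

    def inspect(self, src, sport, dst, dport, payload=b""):
        conn, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if conn in self.state or reverse in self.state:
            self._track_ftp(conn, payload)       # part of a known session
            return "accept"
        if (src, dst, dport) in self.expected:   # negotiated FTP data channel
            self.expected.discard((src, dst, dport))
            self.state.add(conn)
            return "accept"
        if self._rule_action(dport) == "accept": # new session allowed by rule base
            self.state.add(conn)
            self._track_ftp(conn, payload)
            return "accept"
        return "drop"
```

The rule base here only allows port 21; the data connection is accepted solely because the control channel announced it, which is what a static packet filter cannot do without opening a wide port range.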