RE: [fw-wiz] Intel vs. special purpose FW-1 servers

From: Sawyer, Christopher (Christopher.Sawyer_at_getronics.com)
Date: 07/21/05

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Discretionary WiFi Access"
    To: "Paul Melson" <pmelson@gmail.com>, "Emily Conrad" <emilydconrad@hotmail.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 21 Jul 2005 13:50:25 -0400
    
    
    

    I agree the SPLAT is awesome, but what about he costs of VPG or HVPG
    licenses need to run clustering on the SPLAT boxes...

    The cost to convert our existing and the maintence on these licenses exceed
    most Nokia hardware prices which comes with VRRP for free.

     

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Paul Melson
    Sent: Thursday, July 21, 2005 11:04 AM
    To: 'Emily Conrad'; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Intel vs. special purpose FW-1 servers

    IMHO, there's no longer any viable reason to buy new Nokia/IPSO appliances
    to run Check Point. You can match or exceed scale and performance with
    SecurePlatform on cheaper x86 server hardware. And now that clustering is
    part of NG-AI, Nokia's got nothing on SecurePlatform.

    Crossbeam boxes, which I have no hands-on experience with, have extremely
    high port density. If that's helpful, for instance if you need 10 firewall
    interfaces per 1U of rack space, then these may be your only option (short
    of looking at Cisco chassis switches with FWSM blades).

    Even then Check Point supports 802.1Q VLAN tagging and virtual interfaces,
    so you can turn a single physical interface on a SecurePlatform box into a
    dozen or more logical interfaces by connecting to a switch that supports
    VLAN tagging.

    Anyway, my advice is to assume that you will be running SecurePlatform on
    some x86 server (see HCL:
    http://www.checkpoint.com/products/supported_platforms/secureplatform.html)
    and then only select a different product if your environment requires it.

    PaulM

    -----Original Message-----
    Subject: [fw-wiz] Intel vs. special purpose FW-1 servers

    Hello,

    We are working on a project to upgrade our firewall infrastructure.

    One of the questions is whether to use FW-1 on a standard Intel server or to
    use a special-purpose optimized version of FW-1 on a dedicated hardware
    platform such as Nokia firewall appliance or Crossbeam systems C30/X40.

    Does anyone have any advice on what factors are important when making such a
    decision?

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



  • Next message: Paul D. Robertson: "Re: [fw-wiz] Discretionary WiFi Access"

    Relevant Pages

    • Re: Thoughts on Design
      ... exchanges) between those boxes. ... Will I need discovery mechanisms? ... their interfaces to the level of granularity that you require. ... Writing the glue that will make your interfaces behave as you ...
      (borland.public.delphi.non-technical)
    • RE: [fw-wiz] Intel vs. special purpose FW-1 servers
      ... there's no longer any viable reason to buy new Nokia/IPSO appliances ... SecurePlatform on cheaper x86 server hardware. ... Even then Check Point supports 802.1Q VLAN tagging and virtual interfaces, ... We are working on a project to upgrade our firewall infrastructure. ...
      (Firewall-Wizards)
    • Re: 6.2 SHOWSTOPPER - em completely unusable on 6.2
      ... Martin Nilsson wrote: ... All the boxes I've had this problem on have _two_ em interfaces. ... Yesterday my local network got completely wacky, the gateway had em0 timeouts on the screen: but em0 is the _outside_ the windows box that I had to reboot was attached to the inside on em1! ...
      (freebsd-stable)
    • Re: 6.2 SHOWSTOPPER - em completely unusable on 6.2
      ... All the boxes I've had this problem on have _two_ em interfaces. ... Yesterday my local network got completely wacky, the gateway had em0 timeouts on the screen: but em0 is the _outside_ the windows box that I had to reboot was attached to the inside on em1! ... Could there be something wrong in the driver if we have more than one em interface? ...
      (freebsd-stable)
    • Re: 6.2 SHOWSTOPPER - em completely unusable on 6.2
      ... All the boxes I've had this problem on have _two_ em interfaces. ... Yesterday my local network got completely wacky, the gateway had em0 ... the timeouts occur on both interfaces. ...
      (freebsd-stable)