RE: [fw-wiz] Intel vs. special purpose FW-1 servers

From: Sawyer, Christopher (Christopher.Sawyer_at_getronics.com)
Date: 07/21/05

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Discretionary WiFi Access"
    To: "Paul Melson" <pmelson@gmail.com>, "Emily Conrad" <emilydconrad@hotmail.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 21 Jul 2005 13:50:25 -0400
    
    
    

    I agree the SPLAT is awesome, but what about he costs of VPG or HVPG
    licenses need to run clustering on the SPLAT boxes...

    The cost to convert our existing and the maintence on these licenses exceed
    most Nokia hardware prices which comes with VRRP for free.

     

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Paul Melson
    Sent: Thursday, July 21, 2005 11:04 AM
    To: 'Emily Conrad'; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] Intel vs. special purpose FW-1 servers

    IMHO, there's no longer any viable reason to buy new Nokia/IPSO appliances
    to run Check Point. You can match or exceed scale and performance with
    SecurePlatform on cheaper x86 server hardware. And now that clustering is
    part of NG-AI, Nokia's got nothing on SecurePlatform.

    Crossbeam boxes, which I have no hands-on experience with, have extremely
    high port density. If that's helpful, for instance if you need 10 firewall
    interfaces per 1U of rack space, then these may be your only option (short
    of looking at Cisco chassis switches with FWSM blades).

    Even then Check Point supports 802.1Q VLAN tagging and virtual interfaces,
    so you can turn a single physical interface on a SecurePlatform box into a
    dozen or more logical interfaces by connecting to a switch that supports
    VLAN tagging.

    Anyway, my advice is to assume that you will be running SecurePlatform on
    some x86 server (see HCL:
    http://www.checkpoint.com/products/supported_platforms/secureplatform.html)
    and then only select a different product if your environment requires it.

    PaulM

    -----Original Message-----
    Subject: [fw-wiz] Intel vs. special purpose FW-1 servers

    Hello,

    We are working on a project to upgrade our firewall infrastructure.

    One of the questions is whether to use FW-1 on a standard Intel server or to
    use a special-purpose optimized version of FW-1 on a dedicated hardware
    platform such as Nokia firewall appliance or Crossbeam systems C30/X40.

    Does anyone have any advice on what factors are important when making such a
    decision?

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



  • Next message: Paul D. Robertson: "Re: [fw-wiz] Discretionary WiFi Access"