Re: Astaro or Checkpoint?

In article <e1f0a159-1ec9-4d0c-b3e0-
3d3fbc0e805b@xxxxxxxxxxxxxxxxxxxxxxxxxxx>, eclipse79@xxxxxxxxx says...

Hello everyone,
I need a suggestion, I have to replace a Zywall 5 with a better
product. My experience with Zyxel is not good, low performance and too
many false positive with IDP filter. I have read some datasheet of
Astaro (120/220) and Checkpoint (UTM-1 Edge Appliance) products, in
your opinion which is better? These are the feature I want:

- Router/Firewall
- At least 4 port for LAN / DMZ (6 if possible)
- IDP/IDS functions (if possible also antivirus function)
- Web Content Filter function
- At least 5 VPN connection

WatchGuard X550e devices with UTM are going to offer a better path.

If you really need 6 different DMZ Networks you will need a x1250E
device, if you just need 6 DMZ IP addresses, well, they really are not a
DMZ if they are in the same network as your LAN.

A WG firebox unit will provide LAN, WAN, DMZ network jacks, you assign
rules based on paths between those networks - they are real networks,
meaning that the DMZ is its own network, not just an IP inside the LAN.

You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@xxxxxxxxxx (remove 999 for proper email address)

Relevant Pages

  • DC on DMZ best pratices...
    ... AD forest spread across the Internet in 3 Sites... ... currently all networks are public IPs... ... IE DMZs protected by ISA ... basically I need to setup replication with my internal DC and my DMZ ...
  • Re: Help with security design documentation
    ... If you believe that having a three networks (DMZ, public, private) reduces your security risk, then it's obviously silly to say "we have a private network that we run a public server on, and a DMZ with nothing on it, and a public network to talk to the empty DMZ". ...
  • Re: [fw-wiz] static nat and tcp limits
    ... I have two independent networks. ... Pix probably would not allow it. ... nat 0 access-list nonat_acl ... different IP addresses between your DMZ & inside networks. ...
  • Re: Penetration Testing
    ... running on what networks, you SCAN THE ENTIRE NETWORK, ATTACK ... everything you own in the DMZ from the LAN, then from the DMZ you attack ... everything in the LAN. ...
  • Re: Port 80 on a DC
    ... hole in our firewall until we can change it over to being in the DMZ. ... What's the perceived value to hosting your company's website in house ... None of my clients hosts their own websites on their networks at all. ... having port 80 ...