25th January 2008   #4
Join Date: Aug 2007
Location: Lincoln, UK
Posts: 577
freethought is on a distinguished road
I am VERY familiar with Check Point and their IPSec VPNs. Have managed a few hundred firewalls from 4.0 to NGX R62 on Windows, Red Hat Linux and SecurePlatform (Check Point's hardened version of Red Hat stripped right down to the bare minimum).
Not worked much with the SSL VPNs (basically had a play around with Connectra in a lab) so I can't really comment on that, other than it looks very shiny.

With regards to hardware, most of my experience is with SecurePlatform on HP/Compaq servers with a few Red Hat machines where SecurePlatform wouldn't work on that hardware (SecurePlatform NG R55 just wouldn't load on the old Netserver LC2000s). SecurePlatform is a fantastic system that just keeps getting better.
I have used several versions on Nokias and would generally advise against it (depending on exactly how they're being deployed, I have used Nokias perfectly fine in some situations such as VPN terminators in a data centre, but quite often they're unreliable crap). VPNs are one area where Nokias excel due to their onboard encryption. I have used IP330s/IP350s with hundreds of tunnels in a data centre. Bear in mind that the IP330 has a 330MHz AMD K6 CPU and 256MB RAM IIRC.
SecureXL is the Check Point API to allow hardware acceleration of most of the firewall/VPN features and is responsible for the massive performance of Nokias on relatively modest hardware. Crossbeam are supposed to be good for hardware acceleration with Check Point but I've not used them. You used to be able to get a PCI "turbocard" that made use of SecureXL, not sure if it's available any more though as I can't find it on their web site.

I love Check Point for their management tools and logging. In my opinion, the GUI and centralised management abilities (SmartCenter and Provider-1) are the best there is (although I haven't used the latest PDM/SDM with the Cisco PIX or ASAs so YMMV). I love Fortinet FortiGates for the all-in-one, hardware-accelerated solution (even Nokia/Crossbeam can't match this with two separate companies doing the hardware/software) and the lack of per-host licensing, but there are still some situations where I would go Check Point for their management tools (as well as integration with their other products).

You looking for any help in particular?
__________________
Freethought Group Limited
Hosting and communications
Freethought Group Limited registered in London No. 5862996. Registered office: The Old Church Hall, 2A Cromwell Street, Lincoln, LN2 5LP.
Xion Internet and Freethought Internet are trading names of Freethought Group Limited.