Quote:
Originally Posted by heypresto
Thanks guys. We're looking at a secure RAS solution for up to 5000 users and basically comparing the Cisco and Check Point solutions. Just interested in any "gotchas" with Check Point as they're looking like a leader after a meeting with one of their distributors yesterday. We would look to be running it on Dell hardware as there is a pre-existing global agreement with Dell. Anyone tried this?
Any thoughts on the Integrity Secure Client (which is a re-badged, centrally controlled, version of ZoneAlarm)? Given that personal firewall and AV is taken care of by Kaspersky on clients already, we're thinking we may only need the more basic VPN client (SecureClient Mobile). This is with VPN-1 Power as the firewall I think.
Check out http://checkpoint.com/services/techsupport/hcl/all.html, there are several Dells certified by Check Point to run SecurePlatform. Most of Check Point's own appliances are also re-badged Dell PowerEdges.
SecureClient is a really nice app with the built-in firewall that lets you download a security policy from the management server to the user's machine when they connect. If you don't need that (it costs extra from what I recall; I try to avoid Check Point licensing at all costs and just focus on managing it) then you can just use SecuRemote, which is the same thing but with the firewall bit stripped out so you're just left with the VPN.
You've got plenty of authentication options with Check Point. You can do it locally on the management server (if you like headaches) or you can fob it off to another box via RADIUS, LDAP (and thus Active Directory), TACACS or SecurID. One thing I dislike about Fortinet is that you need to install one of their programs on the AD controllers in order to authenticate against it!

The only advantage you really get from Integrity is that it won't let users connect to the VPN unless their AV and OS patches etc. are up to date. It's good for enforcing security policies but it's bloody expensive (as are most of Check Point's products).