[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Sonicwall
Keep in mind that while the SonicWALL appliances are great little boxes, they are aimed at the low-end market and do not TRY to compete with CheckPoint in the Enterprise market. There are some limitations (hey, after all, this IS a CheckPoint mailing list): first of all, the SOHO appliances are a bridge, not a router. This in itself is a limitation. VPN: Throughput? the SOHO boxes _are_ the remote user. Yes, you can add VPN, but don't expect it to work with IPSec clients! (OK, maybe one, but NOT two or more). It only does "security assocations" for site-to-site VPN. Client-to-site encryption is something that only the SonicWALL PRO/PRO-VX will do. [Some people are very happy with these boxes, some are not] Again, VPN throughput does not always measure up to what you'd expect from CheckPoint. [but recent upgrades are impressive] Pricewise? $3,000 for a SonicWALL PRO (that includes VPN!) sounds inexpensive, but keep in mind that the VPN clients are NOT free. (this is not SecuRemote, you know). If you added 100 VPN clients, it gets to roughly the same price as a 100-user VPN-1 Internet Gateway, for which CheckPoint offers you a free SecuRemote client license. So, if you only need a 25-user or 50-user VPN-1, it will cost you LESS money for CheckPoint. For 100-users? For roughly the same money, you can have CHECKPOINT -- what would do you think most people choose when offered this option? And the biggest weakness with SonicWALL: Logging. Very sparse and limited. Imagine doing a security audit and not getting all the information? In fact, we had a problem getting some routes to work with a SonicWALL DMZ box in front of a Nortel switch. The engineer couldn't figure it out. Finally, I swapped it out with an NT-based CheckPoint firewall. It still didn't work -- but now we could look at the logfile and see EXACTLY what the problem was. It was in the switch. The configuration on the switch was fixed, and the route worked. Working with the SonicWALL, we had no clue -- as it wasn't logging everything. The CheckPoint log told us what the problem was in five minutes, but the SonicWALL log was useless. Overall, SonicWALL appliances are well made, and are a good choice for a low-end solution (ie: like adding VPN connectivity to that 5-user branch office, tunneling into you existing CheckPoint VPN-1 firewall in your main office, or securing telecommuters behind DSL routers), but are not a lower-cost "replacement" for CheckPoint. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|