Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Sonicwall

To: [email protected]
Subject: Re: [FW1] Sonicwall
From: [email protected]
Date: Thu, 7 Dec 2000 09:49:28 -0500
Cc: [email protected]
Sender: [email protected]



Keep in mind that while the SonicWALL appliances are great little boxes, they
are aimed at the low-end market and do not TRY to compete with CheckPoint in the
Enterprise market.

There are some limitations (hey, after all, this IS a CheckPoint mailing list):

first of all, the SOHO appliances are a bridge, not a router. This in itself is
a limitation.

VPN: Throughput? the SOHO boxes _are_ the remote user. Yes, you can add VPN, but
don't expect it to work with IPSec clients! (OK, maybe one, but NOT two or
more). It only does "security assocations" for site-to-site VPN.
Client-to-site encryption is something that only the SonicWALL PRO/PRO-VX will
do. [Some people are very happy with these boxes, some are not]

Again, VPN throughput does not always measure up to what you'd expect from
CheckPoint. [but recent upgrades are impressive]

Pricewise?
$3,000 for a SonicWALL PRO (that includes VPN!) sounds inexpensive, but keep in
mind that the VPN clients are NOT free. (this is not SecuRemote, you know). If
you added 100 VPN clients, it gets to roughly the same price as a 100-user VPN-1
Internet Gateway, for which CheckPoint offers you a free SecuRemote client
license. So, if you only need a 25-user or 50-user VPN-1, it will cost you LESS
money for CheckPoint. For 100-users? For roughly the same money, you can have
CHECKPOINT -- what would do you think most people choose when offered this
option?

And the biggest weakness with SonicWALL: Logging. Very sparse and limited.
Imagine doing a security audit and not getting all the information?
In fact, we had a problem getting some routes to work with a SonicWALL DMZ box
in front of a Nortel switch. The engineer couldn't figure it out.
Finally, I swapped it out with an NT-based CheckPoint firewall. It still didn't
work -- but now we could look at the logfile and see EXACTLY what the problem
was.
It was in the switch. The configuration on the switch was fixed, and the route
worked. Working with the SonicWALL, we had no clue -- as it wasn't logging
everything. The CheckPoint log told us what the problem was in five minutes, but
the SonicWALL log was useless.

Overall, SonicWALL appliances are well made, and are a good choice for a low-end
solution (ie: like adding VPN connectivity to that 5-user branch office,
tunneling into you existing CheckPoint VPN-1 firewall in your main office, or
securing telecommuters behind DSL routers), but are not a lower-cost
"replacement" for CheckPoint.





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] FW-1 SPs
Next by Date: RE: [FW1] Problem with licenses
Previous by thread: [FW1] Sonicwall
Next by thread: [FW1] VPN Card
Index(es):
- Date
- Thread