[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Linux/Checkpoint Statefull inspection comparison
Gill, Let me preface my response by saying that I'm looking at this from the point of view of a consultant trying to offer clients first class security solutions. Several readers stated that a Linux solution would require at least as much labor expense as a Check Point solution. I agree. My problem is that I will eventually be going up against competitors offering a Linux solution. Assuming that the labor required for both solutions is the same, the customer would be looking at a price difference of $8,495 (more or less). When the customer asks why Check Point is better, I can mention market leadership, OPSEC, inspect modules, better reporting, and other features. I could go on to suggest that a client use the same security platform their business partners are using (assuming Check Point). I have run into situations where two companies just happened to both have Check Point and were able to take advantage of LAN to LAN VPN's and/or Secure Remote easier. I like your comment about making a solution out of almost anything. Intel has a "roll your own" firewall solution. Follow the link to 15 page description of Intel's firewall solution. (10 pages of filler / 5 pages of content) http://developer.intel.com/technology/itj/q12000/articles/art_1.htm Don't get me started on CP licensing. Kevin Palmer, MCSE+I & CCSE -----Original Message----- From: Gill [mailto:[email protected]] Sent: Thursday, February 08, 2001 8:56 PM To: Palmer, Kevin Cc: 'Mark Squire'; Firewall-1 Mailing List (E-mail) Subject: RE: [FW1] Linux/Checkpoint Statefull inspection comparison On Thu, 8 Feb 2001, Palmer, Kevin wrote: > CPVP-VIG-100-3DES-V41 List $8,495 vs. Linux Solution $0.00 > > How many IT managers might decide that the additional security is not worth > the price? watch out.... the linux solution costs time to implement and a linux-smart person on staff. if you lose that person how can you evaluate prospective candidates? and how much per year is your firewall support contract? the ease of management where you can hire a CCSE or CCSA for a figure you can compare for your metro region will keep a lot of thinking managers in the fold. the fact that an enterprise is saving less than the annual tax deduction to have a less than fully audited network security solution probably won't matter much when the shareholders want to know about due diligence. not that i am not a fan of the linux solution, I am. I beleive that knowing what you're doing you can build a secure solution out of most anything ... but someone who really *really* knows how to make the linux solution as flexible and secure as the CP solution isn't going to be cheap, and it is going to be difficult to tell in an interview if that person is all they pretend to be. personally, i would hand-roll all my firewalls out of OpenBSD but if I quit who would run them? sure, they would be faster and cheaper than your CheckPoint but who could you trust? then again, there is no certification for CheckPoint licensing ... which is more convoluted than .... --gill ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|