[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Licensing FW1
You are forgetting a very important point: The firewall is _not_ there to provide access to the internet for a certain number of hosts. The firewall is there to prevent an intruder from accessing _any_ node on your network through your network connection. Thus, even if only 10 of your nodes use the internet connection, the rest of the nodes on that network, including routers, switches, anything that can accept a TCP/IP connection, and that are potentially accessible through that internet connection, still need protection. Cheers, Anders :) -----Original Message----- From: Skeeve Stevens [mailto:[email protected]] Sent: 29. mai 2001 15:12 To: [email protected] <mailto:[email protected]> Subject: [FW1] Licensing FW1 I have been discussing with a couple of resellers and tonight talked to the product manager for this region.. And I am still confused as to why or how CPFW1 licensing works. Apparently it is my the number of ip addresses that the FW is protecting. In my opinion that is stupid. We have about 50 sites, coming in via ISDN to our core router... some of these sites have up to 50 people.. some of them only 1 or 2 people. Overall we would have in use, about 400 workstations, 60 servers, about 50 print servers, some 50 ciscos and also 150 hubs/switches with ip addresses. Quite a lot... Our HQ is 10.0.x.x and each site is 10.1.x.x and 10.2.x.x and so on... yeah limit to 255 networks, but hey, works for us. Of all these connected devices, maybe 150 workstations and a few servers will be using the Internet for ANY reason. Most, like HP printers with an ip address, don't go anywhere near the internet or firewall. We have a simple setup Servers Site or PC \ | Site or PC ----- core router ----- ms proxy server ----- cisco ----- isdn to internet Site or PC / We want to nuke ms proxy, stick in a firewall, and perhaps stick a proxy appliance on the internal network. But I apparently have to pay for an unlimited enterprise licence because we have so many ip's being used around the network. It is not exactly a complex setup, and I don't see we should have to pay for that many ip's that are not going to be accessed or going near the firewall. Anyone had problems with this before? Or understand ways around this problem? _______________________________________________________ Skeeve Stevens Email: [email protected] Website: <file://www.skeeve.org> www.skeeve.org - Telephone: (0414) 753 383 Address: P.O Box 1035, Epping, NSW, 1710, Australia _______________________________________________________ Quantum ille canis in fenestra. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|