Re: [FW-1] Small Office License

["FireWall-1 (Layer-0)" <checkpoint@FW1-NOSPAMLAYER-0.COM>]

Title: RE: [FW-1] Small Office License

The only difference is the license count... like all limited licenses, you can only protect a given number of nodes (5, 10, 25, 50). I have implemented a PDS with 3 NIC's, so I imagine you can have as many zones as the hardware / OS will support. NG is slightly different in that it allows you to specify whether a NIC is considered internal / external. All the nodes you are protecting have to be allowed for in your license count. I haven't tried this feature yet, but I'm assured it works.

Another limitation I just thought of - you can only set up a limited number of VPN tunnels, either SecuRemote or VPN to VPN. The limitation is your license count + 5 (10, 15, 30, 55 respectively).

Craig Little B.Sc, CPD, CPI, SCJD, CCSA, CCSE
Senior Consultant
Layer-0 Internet Security
www.layer-0.com <http://www.layer-0.com/>
<mailto:craig@layer-0.com>
Ph: 02 4648 2855
Fax: 02 4647 8899
Mob: 0416 112 138

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST@beethoven.us.checkpoint.com]On Behalf Of Stephen Davies
Sent: 24 October 2001 4:59 PM
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] Small Office License

Dear Craig,
Thanks for that. Is the Small Office restricted on the number of ethernet port/ Security Zones. I am looking at implementing 4 zones for a customer (Internet, DMZ, Corporate LAN, Dialup)

Regards
Stephen Davies
* Mobile :
* Fax : +61 (8) 6210 1828
* Email : Stephen.Davies@qwestcom.com.au

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST@beethoven.us.checkpoint.com]On Behalf Of FireWall-1 (Layer-0)
Sent: Wednesday, October 24, 2001 8:06 AM
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] Small Office License

You can't run the High Availability features or FWZ encryption, though everything else seems to be enabled. You can get it for up to 50 nodes, not 25.

I have been running it on RedHat without any problems. Configuration is via cpconfig, and you need a separate GUI console (e.g. Windoze), though the management daemon (fwm) can be run locally or centrally managed.

Various appliance implementations restrict features further. E.g. some don't offer VPN, others don't offer SecureClient.

I've implemented straight on top of RH Linux without any probs though...
Craig Little B.Sc, CPD, CPI, SCJD, CCSA, CCSE
Senior Consultant
Layer-0 Internet Security
www.layer-0.com
<mailto:craig@layer-0.com>
Ph: 02 4648 2855
Fax: 02 4647 8899
Mob: 0416 112 138
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[<mailto:FW-1-MAILINGLIST@beethoven.us.checkpoint.com>]On Behalf Of Aaron
Brasslett
Sent: 24 October 2001 1:55 AM
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: Re: [FW-1] Small Office License
One significant difference that I have found is that the only encryption
scheme is IKE. I'm sure there are other differences though.
I running the GUI on a Windows machine, so I can't answer your question
about the console.
Aaron
-----Original Message-----
From: Stephen Davies [<mailto:stephen.davies@QWESTCOM.COM.AU>]
Sent: Tuesday, October 23, 2001 10:24 AM
To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com
Subject: [FW-1] Small Office License
Hello,
Can anyone tell me what restrictions are on the "Small Office" license of
Firewall-1. I know it is limited to the number of 25 Addresses supported,
however is there any restrictions on Ethernet Ports are anything else.
What is the different between the Small Office and Internet Gateway versions
of Firewall-1.
If I am to run Firewall-1 Internet Gateway on Redhat, does it come with any
kind of management console? Do I need the Motif GUI or Enterprise management
console?
Thanks in advance.
Regards
Stephen Davies
* Mobile :
* Fax : +61 (8) 6210 1828
* Email : Stephen.Davies@qwestcom.com.au
===============================================
To unsubscribe from this mailing list,
please see the instructions at
<http://www.checkpoint.com/services/mailing.html>
===============================================
===============================================
To unsubscribe from this mailing list,
please see the instructions at
<http://www.checkpoint.com/services/mailing.html>
===============================================