[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Alternatives to FW-1?
Vic G wrote: > > Is there a hardware appliance comparable to FW-1 that simulates most or all > of it's feature set: > > - stateful inspection > - multiple VPN tunnels > - ability to handle subnets/routed nets at the ends of VPN tunnel. > > I see some of these appliances very reasonable cost compared to CP, > especially when it's in a small office (100 IP protected) environment. > These devices can be $1k US compared to FW-1 $10k US for comperable setup > (software, maint, PC, operating system). > > What are the downsides to these other vendor devices? Some people will list a lack of a GUI administrative interface as a downside. Others will list the ability to do everything from flat configuration files is a big plus for many other solutions. Which camp you fall into needs to be considered. "Stateful inspection" may or may not be an issue. If we are talking about generic TCP state tracking, most anything can deal with that. Same goes for pretending UDP is stateful. However, are we also talking about RPC? Or DCE? Or other session layer kind of stuff that Check Point can do, but lots of other software does not? What VPN protocols are we talking about? IPsec, an open standard that is going to be pretty much the same for everyone, or something else? Not sure what you mean by "submets/routed nets" at the ends. How that would be handled would also depend on which VPN technology you are using. Generally speaking, if you don't need the bells and whistles that come with Check Point, you are probably better off not using it. Other solutions are cheaper to buy/license, easier/cheaper to administer, and probably more secure. > I currently have NG > FP3 at both ends with a T1 connecting them, but am concerned about licensing > since I'm a couple over the limit... (it's something I need to track down > and remove) Do the T1 ends really go straight to the Check Point boxes? Or is there some network hardware? What kind of devices are those? If you just need a VPN and some simple firewalling, can those devices do it? -- Crist J. Clark [email protected] Globalstar CommunicationsThe information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [email protected] ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|