Educause Security Discussion mailing list archives
Checkpoint 13500 Next Generation Firewall/Security
From: "Boyd, Daniel" <dboyd () BERRY EDU>
Date: Mon, 8 Dec 2014 14:19:13 +0000
First, let me say we do not have experience with this equipment, nor do we have 14,000 students, so you can stop reading now if you are not interested, but I wanted to offer some validity to the idea that Internet traffic is different and devices don't all handle it the same way. We've seen this before in our environment. We tested a firewall product from a vendor that will remain unnamed (not Checkpoint). The throughput of the device and the capabilities were easily ten times what we would ever run, even at peak times, but this device fell on its face under the load of our network, particularly the residence hall network. Even when running only parts of our network through it, it failed time and time again. No amount of software updates or configuration changes would make it work, both we and their support engineers were baffled. We went back to our original vendor, Sonicwall (now Dell Sonicwall) for our solution and didn't look back. I think it proves that while network traffic might just be streams of data, the way the designers expect traffic to flow determines their design and optimizations and when the device sees traffic that is radically different, it could potentially not handle it and fall over. That seemed to be the case in our instance, as I had seen this firewall perform just fine on much larger networks. Sometimes the only solution is just to find another vendor, but I know it is never that simple once a solution has been purchased. Just my $.02 Daniel H. Boyd (94C) Senior Network Architect Security Governance and Documentation Committee Chair Network Operations Berry College Phone: 706-236-1750 Fax: 706-238-5824 There are two rules to follow with your account passwords: 1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!! 2. If unsure, consult rule #1
Current thread:
- Checkpoint 13500 Next Generation Firewall/Security Timothy Pierson (Dec 05)
- Re: Checkpoint 13500 Next Generation Firewall/Security Ian McDonald (Dec 06)
- Re: Checkpoint 13500 Next Generation Firewall/Security Timothy Pierson (Dec 08)
- Re: Checkpoint 13500 Next Generation Firewall/Security Flynn, Gary - flynngn (Dec 08)
- <Possible follow-ups>
- Checkpoint 13500 Next Generation Firewall/Security Boyd, Daniel (Dec 08)
- Re: Checkpoint 13500 Next Generation Firewall/Security Timothy Pierson (Dec 08)
- Re: Checkpoint 13500 Next Generation Firewall/Security Robert Rudloff (Dec 08)
- Re: Checkpoint 13500 Next Generation Firewall/Security Ian McDonald (Dec 06)