Firewall Wizards mailing list archives

Re: Firewall/VPN recommendation for (Ex-) Gauntlet reseller

From: "Stuart Flisher" <stuart.flisher () btinternet com>
Date: Tue, 26 Sep 2000 16:56:36 +0100

For me has to be Check Point FW1 / VPN1. Easy to install and use. Check out
www.phoneboy.com for loads of info.

Which platform? Easiest is probably the Nokia boxes for low to medium
traffic. I think there is a limit of four NICs on the Nokia box if it is
important. Nokia boxes can be configured for failover.

My favourite is Check Point on Sun Ultra 5's or E220's, the latter if you
think you need more memory and more processors. The ultra 5 has a maximum of
7 Nics and the E220 is 16 (I think) if you use QFE cards. Sun boxes probably
offer better performance than Nokia boxes.

If you need VPN accelerator cards then I don't think the Nokia boxes support
them (yet), whereas the Sun boxes do. Check Point firewall integrates well
with Entrust and Baltimore PKI's and probably others if needed. Checkpoint
is IPSEC compliant so integration with FSecure should be OK for manual IPSEC
and shared secret IPSEC.

Other things to consider...

High availability / failover / dynamic load balancing can be achieved using
Stonebeat having upto 16 nodes in a cluster. This will use up more NICs than
your standard firewall with DMZ's (that's why I mentioned the numbers
above), as heartbeat lans are used. This solution uses multicast to get all
traffic to all firewall nodes. More to think about than the Nokia's for the
budding die hard techies.

Other solutions for load balancing involve layer 3 switches such as those
from Hyperflow and alteon.

FSecure Anti-Virus can be used with Check Point for network monitoring of
ftp, http and smtp traffic.

Check Point has other products such as Floodgate for bandwidth management
which is quite useful although doesn't work well if you are using stonebeat
clustering mentioned above. Not sure about Floodgate with Nokia.

If you like getting your hands dirty then there is always a Linux box and
ipchains, your command line skills will be needed here but some of your
pre-requisites will not be met.

Sorry NT didn't get a mention :)

Hope this helps.

Regards

Stuart



_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

Re: Firewall/VPN recommendation for (Ex-) Gauntlet reseller Stuart Flisher (Oct 01)
- <Possible follow-ups>
- Re: Firewall/VPN recommendation for (Ex-) Gauntlet reseller Jeffery . Gieser (Oct 01)
- Re: Firewall/VPN recommendation for (Ex-) Gauntlet reseller Chris Calabrese (Oct 03)
  - Re: Firewall/VPN recommendation for (Ex-) Gauntlet reseller Ryan Reynolds (Oct 04)
- Re: Firewall/VPN recommendation for (Ex-) Gauntlet reseller Patrick M. Hausen (Oct 09)