Firewall Wizards mailing list archives
RE: Firewall/VPN recommendation for (Ex-) Gauntlet reseller
From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Mon, 2 Oct 2000 13:49:16 -0400
Actually, believe it or not, the Nokia platform is faster than Sun currently. I prefer Sun myself, as the Nokia patches are slower to be released.

Couple of links mentioned earlier on this list:

http://www.checkpoint.com/products/firewall-1/pbrief.html
http://www.checkpoint.com/products/vpn1/vpn1perfdata.html

As far as I know, the VPN accelerator cards only work on NT and Solaris. They are PCI based, by the by.

---------------------------------------------------------
Andrew J. Kalat,                | Voice: (678)443-6000
IT Infrastructure Manager       | Fax: (678)443-6484
Internet Security Systems, Inc. | E-Mail: akalat () iss net
6600 Peachtree-Dunwoody Road    | http://www.iss.net/
300 Embassy Row, Suite 500      | PGP key available.
Atlanta, GA 30328               | Note: These are my own opinions, yadda, yadda...

-----Original Message-----
From: Stuart Flisher [mailto:stuart.flisher () btinternet com]
Sent: Tuesday, September 26, 2000 11:57 AM
To: Patrick M. Hausen; fw-wiz
Subject: Re: [fw-wiz] Firewall/VPN recommendation for (Ex-) Gauntlet reseller

For me it has to be Check Point FW1 / VPN1. Easy to install and use. Check out www.phoneboy.com for loads of info.

Which platform?

Easiest is probably the Nokia boxes for low to medium traffic. I think there is a limit of four NICs on the Nokia box, if it is important. Nokia boxes can be configured for failover.

My favourite is Check Point on Sun Ultra 5's or E220's, the latter if you think you need more memory and more processors. The Ultra 5 has a maximum of 7 NICs and the E220 is 16 (I think) if you use QFE cards. Sun boxes probably offer better performance than Nokia boxes.

If you need VPN accelerator cards then I don't think the Nokia boxes support them (yet), whereas the Sun boxes do.

Check Point firewall integrates well with Entrust and Baltimore PKIs, and probably others if needed. Check Point is IPSEC compliant, so integration with FSecure should be OK for manual IPSEC and shared secret IPSEC.

Other things to consider...

High availability / failover / dynamic load balancing can be achieved using Stonebeat, having up to 16 nodes in a cluster. This will use up more NICs than your standard firewall with DMZs (that's why I mentioned the numbers above), as heartbeat LANs are used. This solution uses multicast to get all traffic to all firewall nodes. More to think about than the Nokias for the budding die-hard techies.

Other solutions for load balancing involve layer 3 switches such as those from Hyperflow and Alteon.

FSecure Anti-Virus can be used with Check Point for network monitoring of ftp, http and smtp traffic.

Check Point has other products such as Floodgate for bandwidth management, which is quite useful although it doesn't work well if you are using the Stonebeat clustering mentioned above. Not sure about Floodgate with Nokia.

If you like getting your hands dirty then there is always a Linux box and ipchains; your command line skills will be needed here, but some of your pre-requisites will not be met.

Sorry NT didn't get a mention :)

Hope this helps.

Regards
Stuart

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards