Firewall Wizards mailing list archives
RE: Comments from Checkpoint on Nokia load balancing
From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Sun, 11 Mar 2001 15:30:38 -0500
Hey Roger,
Thanks for giving us Checkpoint's thoughts. One thing I keep hearing people say is to use Load Balancing hardware (switches, whatever) to achieve a true load balanced situation with Nokias or others. There are a few problems there; in fact, I'm not sure it would work at all.
It is true that currently Nokia service packs, patches etc are released a little bit after Sun and NT versions. The goal is two weeks. As of now, both Nokia and Check Point are dedicating more resources to getting this process speeded up.
Great to hear. Mind you, this may not be a big deal for a lot of folks, but I get worried if an announced vulnerability is out there for 2 weeks and I can't upgrade my code on my most critical security piece. I'd love to see the day when Checkpoint releases patches on all platforms at the same time, but only if they can achieve that by not delaying much needed patches on any of the platforms. I know, I know, asking for a lot there...
Check Point is not asking all appliance vendors to run on Linux. The criteria used in selecting an OS for a "Secured by Check Point" appliance are performance and cost. In many cases, Linux turns out to be the best in both areas.
Ah, guess I had some bad info in this area. Good to have that cleared up.
According to the figures I've seen (http://www.checkpoint.com/products/vpn1/vpn1perfdata.html), Sun is only slightly faster on DES encryption. The Chrysalis Accelerator card is currently available for Nokia and the release of the Broadcom card for Nokia is imminent.
True, but you start to add additional cost then to the Nokia platform. This lessens the attractiveness of the price savings on the Nokia platform. By the by, I've heard the Broadcom board is MUCH happier than the Chrysalis. I guess they've had some problems with the Chrysalis, but the Broadcom is supposed to work like a champ. I haven't used it yet myself, so this is just what I've heard...
Yes, this is true. However, there are also other options such as load balancing switches etc. http://www.checkpoint.com/opsec/performance.html#HA_Load_Balancing
True, but again, be sure to compare the costs. If you have to add on an encryption board, plus two HA/LB switches (one for the inside and outside I would expect, then let's think about any DMZs...) I wonder if the cost savings is still there. Again, I like the Nokia platform, I just think it can't do everything the Sun platform can. However, if used in the right circumstances, you save substantially with the Nokia route. Just make sure you're using the right tool for the job.
-Andrew Kalat
Note: The thoughts are my own, and not my employer's...
PS. Off to the Checkpoint Conference in Nashville. Hopefully I'll see the latest and greatest stuff. If anyone else is going, maybe I'll see you there.