Firewall Wizards mailing list archives

RE: Intel vs. special purpose FW-1 servers

From: "Sawyer, Christopher" <Christopher.Sawyer () getronics com>
Date: Thu, 21 Jul 2005 13:50:25 -0400

I agree the SPLAT is awesome, but what about he costs of VPG or HVPG
licenses need to run clustering on the SPLAT boxes...

The cost to convert our existing and the maintence on these licenses exceed
most Nokia hardware prices which comes with VRRP for free.

 

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Paul Melson
Sent: Thursday, July 21, 2005 11:04 AM
To: 'Emily Conrad'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Intel vs. special purpose FW-1 servers

IMHO, there's no longer any viable reason to buy new Nokia/IPSO appliances
to run Check Point.  You can match or exceed scale and performance with
SecurePlatform on cheaper x86 server hardware.  And now that clustering is
part of NG-AI, Nokia's got nothing on SecurePlatform.

Crossbeam boxes, which I have no hands-on experience with, have extremely
high port density.  If that's helpful, for instance if you need 10 firewall
interfaces per 1U of rack space, then these may be your only option (short
of looking at Cisco chassis switches with FWSM blades).  

Even then Check Point supports 802.1Q VLAN tagging and virtual interfaces,
so you can turn a single physical interface on a SecurePlatform box into a
dozen or more logical interfaces by connecting to a switch that supports
VLAN tagging.  

Anyway, my advice is to assume that you will be running SecurePlatform on
some x86 server (see HCL:
http://www.checkpoint.com/products/supported_platforms/secureplatform.html)
and then only select a different product if your environment requires it.

PaulM


-----Original Message-----
Subject: [fw-wiz] Intel vs. special purpose FW-1 servers

Hello,

We are working on a project to upgrade our firewall infrastructure.

One of the questions is whether to use FW-1 on a standard Intel server or to
use a special-purpose optimized version of FW-1 on a dedicated hardware
platform such as Nokia firewall appliance or Crossbeam systems C30/X40.

Does anyone have any advice on what factors are important when making such a
decision?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Attachment: smime.p7s
Description:

Current thread:

Intel vs. special purpose FW-1 servers Emily Conrad (Jul 21)
- Re: Intel vs. special purpose FW-1 servers Marcus J. Ranum (Jul 21)
  - Re: Intel vs. special purpose FW-1 servers Carson Gaspar (Jul 21)
- RE: Intel vs. special purpose FW-1 servers Paul Melson (Jul 21)
- Re: Intel vs. special purpose FW-1 servers David Lang (Jul 21)
  - RE: Intel vs. special purpose FW-1 servers Keith A. Glass (Jul 22)
  - Re: Intel vs. special purpose FW-1 servers Marcus J. Ranum (Jul 22)
- <Possible follow-ups>
- Re: Intel vs. special purpose FW-1 servers Keith A. Glass (Jul 21)
  - RE: Intel vs. special purpose FW-1 servers Paul Melson (Jul 21)
- RE: Intel vs. special purpose FW-1 servers Sawyer, Christopher (Jul 21)
  - RE: Intel vs. special purpose FW-1 servers Paul Melson (Jul 21)
- RE: Intel vs. special purpose FW-1 servers Ionut Boldizsar (Jul 25)
  - Message not available
    - RE: Intel vs. special purpose FW-1 servers Marcus J. Ranum (Jul 25)