Quote:
Originally Posted by derspot  Sure, with CP we forgot the Nokia IPSO/Devide license aswell. |
Why use Nokia/IPSO when you can use a standard server and SPLAT? No OS license and the hardware is a wash, or even less as you are not running a general purpose OS with a heavy GUI like you need for ISA
Quote:
| So the SecureClient is. However the Firewall Client is GP Deployable - so no problems. You dont need it if you dont want User auth. That is its main feature - User Auth for any traffic. How exactly this is done in CP ? |
SecureClient's MSI is GPO deployable as well. IIRC the ISA agent is for internal to external traffic and not VPN right? ISA just uses PPTP for VPN.
As for user auth on CHKP you may use an agent or a telent/web page.
[quote]The Win Built-in Firewall pretty much does the work for controlling traffic as it relates to the client.[/color]
The windows firewall only controls inbound traffic. It does not control application or outbound traffic. Now its very good for what you pay for it, but its by no means Integrity/Sygate/etc.
I'm mostly with you here. Given the right traffic mix it can make a big difference, bit I don't see much my self. Now AES support is much more of a problem. For now most people can get away with just 3DES but it is slower. Also more and more companies are requiring AES as part of SOX & GLB compliance. If a company has to have a VPN to any US Gov office, they and all the VPN's to them must be AES.
Quote:
| Well if you wanna spend 10K for fun. |
Every should!! At least if you're buying it from me :)
Seriously, ISA does have it place and it may work for your situation, if so you should use it. Check Point's FW-1/VPN-1 is a more robust and feature rich security platform, but if you don't need the features then you don't need them. Though at that point I think you should look at the Safe@/Edge boxes and their ilk. I think you will get a lot better performance and control for your money than you will with ISA.
JMNSHO