UTM Comparisons

[JamieDoherty]

I am an original FW-1 user, and it seems with each new version I have let the licensing options slip from my mind more and more. I am proposing a new solution and I am unsure which route to go. The solution is relatively simple, 2 firewalls in an Active/Passive cluster environment. Those firewalls are protecting application servers (less than 10 IP addresses). I am trying to figure out if I could get away with UTM as opposed to UTM Power. Can I purchase a UTM Management and Gateway bundle for 50 users, one additional UTM Gateway for Load Sharing and 2 ClusterXL licenses to accomplish the same? Is there a datasheet that compares UTM to UTM Power?

Jamie

[kva.kva]

UTM is new name for products Express and Express CI.
UTM includes firewall, VPN, SmartDefense Service, IPS, web application security, and antivirus protection.
Power is new name for FW-1/VPN-1 Pro. It includes all UTM features without AV and it includes extra features - FloodGate and SecureXL.
UTM Power includes all UTM and Power features.

If you want UTM cluster, I think, you need license for managment, license for gateway, license for secondary gateway for high availability and one Cluster XL license for load sharing.

[melipla]

Quote:

Originally Posted by JamieDoherty

Is there a datasheet that compares UTM to UTM Power?

I too would like one.

I also inquired about VPN-1 Power with my CP Sales rep, he gave me the impression that there weren't any solid numbers comparing VPN-1 Power to VPN-1. He only said that if we were seeing performance problems with VPN-1 that we should consider upgrading our license to VPN-1 Power.

[NickBrandson]

VPN-1 UTM gateways provide firewall, VPN, SmartDefense Service, IPS, web application security, and antivirus protection on an all-in-one platform. Prices include software only.

VPN-1 Power gateways provide blazing fast security for the most demanding environments providing best-of-breed firewall, VPN, SmartDefense Service IPS, and web application security. Prices include software only.

VPN-1 UTM Power gateways are a combination of performance and simplicity- an all-in-one platform that includes the VPN-1 UTM features with the acceleration provided by the VPN-1 Power line. Prices include software only.

** Please advise that the annual subscription for SmartDefense & Antivirus is required if you want SmartDefense Services provide ongoing, real-time updates and configuration advisories for defenses and security policies. SmartDefense Services are licensed annually. The Anti-Virus signature update component of SmartDefense Services is also licensed annually.

For Active-Standby configuration, Cluster-XL for LoadSharing is NOT required.

Just Simply go to check point web site and click on "How to Buy" -> "Price List", then you'll see what components are included in the products/bundles.

[mylove142]

Hi all,

My project will buy Checkpoint VPN-1 Pro but Checkpoint VPN-1 Pro is end of sale. Now, I am going to bye Checkpoint VPN-1 UTM to replace VPN-1 Pro. I want to ask everyone: the function of VPN-1 UTM and VPN-1 Pro is the same or VPN-1 Pro is better than VPN-1 UTM?

I will put VPN-1 UTM in datagram

DMZ - VPN-1 UTM - Router gateway - ISP

Please answer me early. Thank you very much.

Duy Khang

[mcnallym]

Check Point VPN-1 Pro includes Floodgate/QoS, the UTM includes Anti-Virus and URL filtering. UTM equates to the old ExpressCI

If you were looking to use QoS on the firewalls then you will need VPN-1 Power.

Not sure if it will make any difference to you but R55 SMARTCenter can read the license for VPN-1 Power but the UTM license will require NGX R60 HFA-02, or later so if still on R55 and not looking to upgrade then go with Power.

[NickBrandson]

Is it a new purchase or an upgrade?

UTM bundle is required as it contains one gateway and one management server. As stated by mcnallym, Power will have QoS which is upon your requirement.

Quote:

Originally Posted by mylove142

Hi all,

My project will buy Checkpoint VPN-1 Pro but Checkpoint VPN-1 Pro is end of sale. Now, I am going to bye Checkpoint VPN-1 UTM to replace VPN-1 Pro. I want to ask everyone: the function of VPN-1 UTM and VPN-1 Pro is the same or VPN-1 Pro is better than VPN-1 UTM?

I will put VPN-1 UTM in datagram

DMZ - VPN-1 UTM - Router gateway - ISP

Please answer me early. Thank you very much.

Duy Khang

[MarioL]

I always use this page when I want to check exactly what each part number gives you, in terms of licenses:
https://pricelist.checkpoint.com/pri...tions/main.jsp

And from there I usually go:
https://pricelist.checkpoint.com/pri...enerallist.jsp

It has list price, modules included and now it even has pictures :)

BTW for Active/Passive you don't need a ClusterXL license, just like Nick pointed out.

[hdharmaraja]

I assume the license for VPN-1 UTM is sold as bundle or is it possible to purchase a single license just for the gateway and manage it by my existing smartcenter. Hence not pay extra money for management license.

[chillyjim]

Both bundled and un-bundled. See:

https://pricelist.checkpoint.com/pri...=VPN-1Software

[Thorpuse]

It's really important to note that the UTM-1 Device does not provide a management license that can be installed on a seperate machine i.e. the UTM-1 must run management and module. There used to be an exception for Clustered setups, but I'm not sure that this is still supported.

Also worth noting is the Management license on a UTM-1 is NOT the same from a feature perspective as a SmartCenter UTM license. UTM-1 license also includes a SNX-5 license and a cut-down Eventia license, as well as SmartView Monitor. What sucks big time is that you get less functionality when you pay more to get a proper distributed setup. Another beautiful quirk of Check Point licensing....

Another example of Check Point succeeding despite their best efforts and crazy licensing choices...