Experience Firefly ?

[joeri]

Hi,

Anybody has experience with Checkpoint Firefly systems ?
I'm looking for some good feedback on this, how do they compare to other systems, Nokia IP series, Crossbeam, Dell 2950's,...

Thanks

[cciesec2006]

We were thinking of purchasing Firefly for NGx deployment. I heard
a lot about this product last year when I was working for an Managed
Security Service Provider, MSSP. Checkpoint came in and recommended
that we push new customers toward firefly instead of Nokia.

At my new job, we were comparing @ purchasing Firefly and running NGx
R65 on Sun 4200-M2 platforms. At the end, we decided to go with Sun
4200-M2 Platforms for SPLAT NGx. Firefly is a good box but quite expensive.

If money is an issue for you, go with Sun or IBM series Servers instead
of purchasing FireFly. You will save money long term. After all, FireFly
is nothing but Checkpoint running on an IBM Server box.

my 2c.

[JeffP]

We are in the process of buying Fireflys. They actually come out to be very cheap if you are expanding. If you are just upgrading your existing infrastructure the deal is not so sweat as the Checkpoint price includes server, licensing, and 3 years maintenance. They do give you a pretty good trade-in on your existing but it's not a 1 for 1. If you start breaking out the cost into individual pieces you will be hard pressed to match the price.

[chillyjim]

***Disclaimer -- I make money selling FireFlys***


The one year price of a FF isn't good, the three-year price works out good, espically compared to other "bundled" systems (e.g. Nokia, CrossBeam). Personally I was very disappointed when Sun dropped the integrated platform (Think FF sold on and by Sun). Then again I'm a bit biased towards Sun :)

FF vs a Roll-your-own is very dependent on what you need. You will be hard pressed to beat the performance, and if you are looking for a load-sharing cluster (ClusterXL) you'll win with the FF price most times.

You also get SPLAT Pro (Routing and Radius auth).

Right now I would have to say my faviorite platforms are

FireFly
Sun 4200 (I'm told the new Intel based machines are really nice too. Don't know if they are in the x200 line or not)
CrossBeam

Mid-tier systems its hard to beat the UTM-1 450. A good Dell box works well too.

[mcnallym]

Surprising that Check Point suggest selling a Check Point firefly rather than a Nokia Box!

However they do look good the only gripe I have is that if you start adding in the expansion boards then about twice the price that you can get them online.

The good point however is that it no longer matters if hardware or software is still Check Point.

I think if brand new then go Firefly. I adding to an existing deployment then probably stick with the platform you already on.

[joeri]

Thanks for all your replies so far, one of the things which is also worth considering is that all new features are "immediately" there, certainly looking at CoreXL, while with -non checkpoint systems- you need to wait untill software has a changed version for that specific platform.

I think that price/performance/support is hard to beat at this moment for those firefly systems, and if anything goes wrong, you have 1 point of contact, Checkpoint.

Somebody allready running CoreXL in high traffic production environment ?

[lodown]

"and if anything goes wrong, you have 1 point of contact, Checkpoint."

I agree with the above statement. We used IBM servers with SPLAT Pro and initially had problems with support. IBM would change chipsets without changing model numbers. Sometimes upgrades would work fine, only to find out that a new install on the same hardware would fail due to unsupported hardware. Pricing aside, running SPLAT on a fully tested and supported hardware platform is a great step forward for Checkpoint. I only wish I had side-by-side comparisons vs the new Nokia hardware.

lodown

[joeri]

"I only wish I had side-by-side comparisons vs the new Nokia hardware", yep and even with other platforms, I think the Checkpoint community needs something like this... not the marketing talk but real technical tests (so no tests with 1 ANY rule ;-) )

Maybe this could be a good idea for the CPUG CON 2008 ? I'm over in Europe so for sure I can't join this event, but would be a good thing to run several hardware platforms against some traffic generators... (all with same configuration off course), I think a lot of technical people would benefit from such a thing !