software & license requirement for SecurePlatform with cluster

[jackson_ku]

Hi,

We planned to design 2 Checkpoint SecurePlatform servers, our requirement are :

1. must running HA or load sharing mode
2. must support unlimited users
3. must support 5 site to site IPSec VPN tunnels
4. must support unlimited remote access IPSec VPN clients

Please give me advise which software & software license I need to purchased? And which software or software license is free?

We already have 2 Nokia IP650 installed and running. Is there any good methods to transfer all configurations from IP650 to SecurePlatform for both configuration in IPSO & Checkpoint? ( In my new network structure, all firewall configuration no change except one of Firewall interface IP address change to another IP subnet )

Best Regards,

Jackson Ku

[mcnallym]

You will need to manually transfer the network settings from IPSO to SPLAT. The security policy is on the management server so shouldn't be affected.

As you want unlimited then I would suggest as follows.

CPPWR-CKP-5-U VPN-1 Power Unlimited Gateways and SMARTCenter for 5 sites.

CPPWR-VPG-HA-U VPN-1 Power Unlimited Gatway for High Availability. WHen combined with above will give 1 pair of licenses for gateway cluster.


CPMP-CXLS-U Cluster XL for Unlimited Gateway IF you want Load Sharing / Active/Active. If you want High Availability / Active/passive then you don't need this.


You would need appropriate software subs etc however your reseller can get you that.



This will give you a SMARTCenter that can manage 5 sites. A site being a cluster or gateway, or edge box. They inlclude the licenses for Secure Remote connectivity for VPN CLient but does not inlclude SecureClient if you wanted that instead.

It will also give you a pair of gateways to make 1 cluster. The optional CLusterXL license is for if want Active/Active.





Alternatively then you could look at the new appliances that include the gateway licenses and just buy a Smartcenter license.

[chillyjim]

Quote:

Originally Posted by mcnallym

Alternatively then you could look at the new appliances that include the gateway licenses and just buy a Smartcenter license.

2x UTM-1 (probably a 2050) may work for you as well depending on throughput requirements. UTM-1 includes a SmartCenter.

[chillyjim]

Quote:

Originally Posted by jackson_ku

We already have 2 Nokia IP650 installed and running. Is there any good methods to transfer all configurations from IP650 to SecurePlatform for both configuration in IPSO & Checkpoint? ( In my new network structure, all firewall configuration no change except one of Firewall interface IP address change to another IP subnet )

For gateways, there really isn't anything from the checkpoint side to transfer, it will all get pushed from the SmartCenter.

As for the OS config, I've never seen anything. If you find something, please let us know.

[jackson_ku]

Hi,

Thanks for your kindly support.

Best Regards,

Jackson Ku