| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Hi, I've spent the last 9-10 years working with Checkpoint running on Nokia with IPSO. I've noticed more and more companies are starting to use SPLAT on Intel hardware as enforcement points. While I've had plenty of experience running SPLAT on Provider1 or SmartCentre managers, I've not tried SPLAT as a firewall. Has anyone come across a NOKIA VS INTEL type document which might highlight the pros and cons of each platform? cheers, |
| |||
| I'd have to go with SPLAT on Intel for usability and scalability. I guess this does fall back slightly where cost is concerned, but mostly the Intel boxes are much easier to set up and maintain with SPLAT. Plus, as newer more bloated versions of NGX are released, you don't have to worry as much over hardware capabilities. When the Intel hardware gets too old, you can replace it with newer boxes and turn the older hardware into file/print servers or whatever. Nokias are only good for beer money (eBay) once they're too old to run the software (or doorstops - lol). Just my $ .02 __________________ There's no place like 127.0.0.1 |
| |||
| At several places over the last few years I've gone through this sort of thing. No external documentation available unfortunately, but there's a standard sort of process that you need to go through, and the answers will vary for different organisations. The answers will also change over time. There's another wrinkle in the mix now with Check Point's appliances - I know chillyjim says they can work out better value for money than SPLAT on <insert your favourite HW vendor here>. lammbo does have a good point about being able to re-purpose the systems later. It's nice having generic hardware like that. Things you need to think about are how much of an issue money is - for the hardware - as opposed to support and maintenance costs, how you like your support structure to work e.g. is it important to have one vendor support hardware, OS and application (Check Point)? Or do you have so many HP DL380s in your organisation that you have fantastic internal support structures for the hardware? Lab stuff is something to think about - if you're all Nokia, then you need Nokias in your lab - more cost. If it's SPLAT, you can always find an Intel server to use in the lab. But if your organisation is reasonably large, with 120 modules, then ordering a couple more for the lab is no big deal. People is a big thing too - do you already have people with experience with SPLAT? (in your case, it seems yes) Or do you need to retrain people? How easy is it to get new people with Nokia/SPLAT skills? Those are the sorts of things that I've gone through in the past, when working with companies trying to decide what to deploy. SPLAT is pretty much always a no-brainer on the mgmt side, but the answers have varied on the enforcement side. Usually we've sat down, gone through all the pros and cons, listed them, then made a call. |
| |||
| It depends, if a greenfield site then I would go with SPLAT or Check Point Appliance as starting from scratch. If there is an existing trained userbase with Nokia then we tend to go with Nokia/Check Point Combo as they already have the skill set for IPSO so this is not an issue, and the admin feels comfortable as they know IPSO. Most SPLAT vs Nokia comparisons I have come across have always been just about price. Even before SPLAT I never met a Check Point employee that didn't moan about the cost of Nokia Appliances. The Nokias scale quite well with the new generation of appliances and with the ADP cards then performance really takes off, providing you have the cash. The only real killer difference I can make between the two is this. Are you running Dynamic Routing to Edge Devices? Yes, then get SPLAT Pro as Edge doesn't Dynamic Route VPN with OSPF to Nokias, only SPLAT Pro boxes. No, then get whichever one fits your pocket / requirements better. |
| |||
| In my organisation we are getting rid of Nokias and replacing them with SPLAT. We flirted with the new UTM boxes but didn't like the lockup of licenses to hardware. We're a HP shop so using DL360's and DL380's. If a disk dies I can explain to a newbie over the phone how to swap the drives. Also you can knock up a quick trial in VMWare or on a dodgy old PC much easier than finding Nokia hardware. (although I've seen the odd post about successful IPSO on VMWare......) |
| |||
| Checkpoint will be ending its relationship with Nokia in the next 3 years. With that said, SPLAT makes sense for several reasons. It's cheaper, finally fully supported by Checkpoint (no more calling Nokia for some things and Checkpoint for others), HA management is more intuitive (especially when troubleshooting failover), and performance (firefly boxes outperform ANY Nokia). Netleets.com IT Security news IT Security news and information in plain english |
| |||
| Do you have any evidence to support this, or is this just your opinion? |
| |||
| I'm pretty sure that CP wants to kick out Nokia from their business but I don't think it will be as quick as suggested by desperado618. 40% of the CP's firewalls are running Nokia's IPSO and I'm not so enthusiastic regarding CP's appliances. Tan |
| |||
| Quote:
Nokia offer a one stop call so whether it's Nokia or Check Point you can just call Nokia. If Nokia can't deal with it then Nokia will escalate to Check Point for you. If you CHOOSE to go to Check Point with some issues and Nokia with others, that is your CHOICE, it is not forced on you. As such there has always been 1 stop support calls available on Nokia if you cared to use it. With SPLAT it is only one stop if you have the Check Point appliances. Buying your own HP/Dell/IBM and putting SPLAT on is no longer one stop support. Power 9070 is 14Gbps throughput. The Nokia IP2450 fitted with IPSO 6.0 and ADP modules is >20Gbps so I wouldn't say that the Power appliances outperform ANY Nokia. I have taken the top of the range Check Point and the Top of the Nokia offerings here, but you did say ANY Nokia. Being pedantic my understanding was that Firefly is only the IAS range of boxes which peak at 9Gbps but that is being pedantic. Why is HA Management Failover more intuitive on SPLAT than Nokia? Are you talking SMARTCenter HA or Gateway HA? HA Management to me is SMARTCenter HA, and I would never advise anyone to buy a Nokia for SMARTCenter as they just aren't built for good SMARTCenter performance. Much better to get a HP DL360 or IBM/Dell equivalent. Nokias are built for throughput, not good with the CPU and Storage. Nothing to do with the merits of IPSO or SPLAT, just the basic hardware. Maybe for me it's because my Check Point predates SPLAT so always used to the Nokia anyway for the gateway failover troubleshooting. Do you have any evidence or links to evidence to backup that Nokia/Check Point will split in the next 3 years or as Thorpuse said is this your opinion, as I would certainly like to know if this is actually happening, or just the rumour mill. Personally the way you hear Check Point go on about Nokia over the years it is amazing that still going anyway. I tend to go with whichever platform best fits.
If they have Nokia already then tend to go with Nokia, with a SPLAT Server for the SMARTCenter. New installs I tend to go with the Check Point appliances or HP/SPLAT as more cost effective. So I am not a Nokia Fanboy by any stretch of the imagination. |
| |||
| I don't believe that they die with the box. My understanding is that would be able to trade in for newer models, which would come with the license. However yes the license is not transferable off the appliance to another platform or a pure SPLAT system. |
| |||
| You can do that, but when I asked my distributor he had no idea of how that would be done in the future... So it all comes down to how "nice" the upgrade procedure is, knowing Check Point, I wouldn't be that hopeful ;) |
| |||
| The issue around licensing regardless of whether they die or not was enough to turn us off them. Much prefer the floating licenses that I can move from box to box later. |
| |||
| In their defense, the price-point for appliances compared to what you get in software is pretty damn attractive.... It'd be interesting to run a 3, 5 and 10-year TCO between a UTM and the equivalent HW/SW setup. When you consider how much additional you pay in CES/Support/Subscriptions for a software license (and then add another x% for EOLed SKUs, and more again for the SmartDefense addons compared to the UTM SD SKUs) and I'm not so sure that the answer is as black and white as you'd think. Of course, everyone's environment is different, and the models will vary between each setup. Just another challenge to add to the joys of Check Point products and licensing! |