Licensing

[Mindi]

One short question.

We are considering to switch to CP and have question regarding edge licensing.
If we buy licences for 3 sites, this means, that we can have only one FW node and only two edges?
Or if we buy edges then we can also get licences to manage them through smart center?

[dantro]

Each UTM-1 Edge comes with a product key. Which license this product key contains depends on which license you buy. A X16 license will get you an Edge that is limited to 16 Hosts. You can always buy license upgrades and you'll receive another product key which you have to install on your Edge.

If you purchase a management license for three sites then it means that you will be able to manage three sites centrally. If you want to manage each of your Edges centrally then of course each Edge counts as a site. So you will only be able to manage your FW-Node and two Edges. But you can always manage your two Edges locally which saves you two management licenses. Buying a new Edge does not mean you will receive a license for one more site. This are two different things.

[Thorpuse]

This has always struck me as one of the stupidest licensing decisions Check Point has ever made, and has actually cost me business.

Check Point's best feature is its enterprise management, but they seem to keep trying to do things to limit its usefulness in licensing? Will they ever learn???

[RayPesek]

The last time I looked, their margins were over 50%. I'd say they have learned quite well. :-)

Ray

[Thorpuse]

Last time I checked, their market share was moving down, not up.... some lessons don't seem to sink in....

[Mindi]

So if I get then this right.

One FW node and two edges can be managed centrally.

Other edges need can be added normally or they need to be created as interoperable devices to work correctly or not?

Mindi

[Thorpuse]

Not quite... If you add Edge Devices, you'll have to select that they are Externally managed. You'll also probably run into limitations around VPN Communities and have to manage policies and everything else on the Edge boxes locally.

[RayPesek]

Quote:

Originally Posted by Thorpuse

Last time I checked, their market share was moving down, not up.... some lessons don't seem to sink in....

Touch'e! I don't think we'll see a change in attitude until there is another owner of the company. It's just a cash cow for the people at the top who started it. I still wonder if HP will try to buy them. The one big hole in their networking line is a major security product.


Mindi, which Check Point products are you looking at and how many? If you have the Power product, you can have as many unmanaged site-to-site VPNs as you want. The number of Check Point firewalls it can manage, including Edges, is determined by the license on the SmartCenter.

The former Express product, now known as UTM, was limited to 3 or 5 site-to-site VPNs with the included license (I can't remember which.). You had to buy extra licenses for more site-to-site VPNs regardless of whether they were managed or not. I do not know if UTM is licensed the same way, though.

The licenses that come with the Edge devices themselves do not care about whether they will be managed or unmanaged. It's the license on the SmartCenter that determines how many site-to-site VPNs and firewalls can be managed.

Perhaps Chillyjim will jump in here. He is a Check Point security engineer, I believe.

HTH,

Ray

[BarryStiefel]

Quote:

Originally Posted by RayPesek

The last time I looked, their margins were over 50%. I'd say they have learned quite well. :-)

Ray

I think we all know that Check Point could do a few small things that would cost them very little and yet would make their customers very happy, but they refuse again and again. Yes, their margins are high, for now, but their customers are becoming increasingly infuriated with them. They are definitely not customer-focused (if they were, CPUG wouldn't exist, for starters).

High margins are today's profit, but reputation and good will are tomorrow's profit. They seem to have a very short planning horizon. Fortunately for us, they have competitors.

[RayPesek]

"Infuriating" is a good word. One old one that comes to mind is the ridiculous need for a special license for multi-processor boxes. Even Microsoft allows up to four CPUs with their standard operating system licenses.

And the newest one is the requirement for a special license for multi-core processors! Even Microsoft doesn't treat multi-core CPUs as needing multiple software licenses.

And let's not forget how you can't get access to all of SecureKnowledge unless you have a contract with Check Point. If you have a support contract with a Check Point Support Partner, you just get the same access as any competitor who gets a free User Center account.

Hmmm, maybe this would be a good new thread. "What do you dislike about Check Point licensing?" If we could keep it on topic, maybe somebody at CP would take it as the feedback of dissatisfied customers.

Ray

[pat13b]

Coming from a Cisco reseller, we used to displace many medium size companies because of licensing and the costs with Check Point.

Now working for a Enterprise business, we have a mix of Check Point and Cisco products. We tend to like the Check Point product better from a functional standpoint but when the budget is tight, and we just need a basic firewall, it's Cisco. It wouldn't be if Check Point didn't make it so confusing and pricey.

-pat13b

[BarryStiefel]

Quote:

Originally Posted by RayPesek

"Infuriating" is a good word. One old one that comes to mind is the ridiculous need for a special license for multi-processor boxes. Even Microsoft allows up to four CPUs with their standard operating system licenses.

And the newest one is the requirement for a special license for multi-core processors! Even Microsoft doesn't treat multi-core CPUs as needing multiple software licenses.

And let's not forget how you can't get access to all of SecureKnowledge unless you have a contract with Check Point. If you have a support contract with a Check Point Support Partner, you just get the same access as any competitor who gets a free User Center account.

Hmmm, maybe this would be a good new thread. "What do you dislike about Check Point licensing?" If we could keep it on topic, maybe somebody at CP would take it as the feedback of dissatisfied customers.

Ray

I've repeatedly tried to get feedback to Check Point but they're just not interested. They're extremely focused on short-term profitability and unless you're a big customer who's considering a large purchase, they simply won't talk with you. I'm the President of their user group and when I contact them to offer to help they won't even return my calls. They refused to be a sponsor at our conference last May, and one of their employees asked for a discount to attend; I said yes, and six months later they still won't pay their invoice. Now they're on credit hold (with their own user group!) They seem to think that the most profitable position to be in is to push their customers right to the edge of defecting.

They're not making any friends here.