CheckPoint on Solaris

[Cruizin]

Hi All,

My company is evaluating alternatives to the Nokia platform for CheckPoint simply because we've had issues with the Nokias and are unhappy with support. I'm currently tasked with comparing different platforms that CheckPoint will run on in addition to evaluating SPLAT. I'm trying to do a write-up that compares CheckPoint on the following platforms with the Pros and Cons for each:

Solaris
CrossBeam Systems
SPLAT

Can anyone provide some inside information regarding the Pros and Cons of the above mentioned platforms for CheckPoint?

[mmoret]

I use Checkpoint on Solaris and Nokia.
The benefits of Nokia are in my opinion:
-Ease of install/management/deployment
-No unix knowledge necsessary
-Clustering out of box with checkpoint

The downside is that you cannot just run other software on your firewall (like DNS, proxy, mail)

I believe Solaris is an enterprise platform with great performance and stability.
The downside: You need administrate a server as well as a firewall.

I have played around with splat and think is great as well, but do not have as much experience with it as with Solaris and Nokia.
We use splat as an standby enterprise management station. I export and backup the checkpoint config and have splat standing by with the same ip as the current management station.

Good luck!
Martijn

[RobertGraham]

Is this only for enforcement?

Changing from IPSO to SPLAT because Nokia doesn't have good support, is in my opinion like deciding that you want to trade in your BMW 540 for a Lincoln Navigator because the Beamer is too slow.

In essence, Nokia has far and away much better support than Check Point. In fact, Nokia will often answer Check Point questions better than Check Point. In the case that you have a very difficult problem, Check Point is the only place to go, since they have access to the source code etc. For most issues though, the company I work for prefers to open tickets with Nokia.

There's no question that Nokia is very expensive, but the money is saved in humans - like you need less of them. At this other company I worked for, we administered 125 Nokias with 2.5 people. It would've required four at least to do the same with Solaris.

I recommend you work with Nokia and try to escalate your concerns. Speak with a manager or whatever. Communicate your great dissatisfaction and see what happens, because it's either a fluke or your expectations are so high that the other vendors will fall way short.

I have no connection to Nokia, this is really my honest opinion. I've worked with SPLAT a little, it's a good platform. But, the consideration should then be out of pocket expenses and not support. If you have Solaris black-belts hanging around with plenty of extra cycles, the change would make sense also.

PS: All the management stations I've ever worked on were all Solaris, if that helps.

[abusharif]

not that it answers ur question, but Nokias support is most likely best support involving checkpoint products. They always answer fast and its easy to get to second line support when needed within couple of hours. That my friend you can pretty much forget when contacting Checkpoint ;)

Anyways.......Splat....i use it a lot and can recommend it. No real cons with it more then other platforms except maybe a little more time you have to put for hw compatibility then just buying nokia box which is all setup from start. Pros, very fast, easy to manage especially if you have some linux background, no extra OS licenses etc.

Solaris.....long time ago i used solaris as a CP platform, probably last time on 4.1 and according to my prior (and somehow ancient) experiences there is no pro's with using solaris as platform (unless your knowledge only circles arround it and you want to have unified OS platform). One word sum it all slow slow in compare to others os/value for money.

[chillyjim]

Quote:

Originally Posted by abusharif

Solaris.....long time ago i used solaris as a CP platform, probably last time on 4.1 and according to my prior (and somehow ancient) experiences there is no pro's with using solaris as platform (unless your knowledge only circles arround it and you want to have unified OS platform). One word sum it all slow slow in compare to others os/value for money.

At the high-end SPARC/Solaris is still a good choice. Its performance is great, it's price/performance isn't. I still see a lot of Solaris running P-1 but not so much on the gateways anymore. Solaris' big hold on the Check Point's market early on was the fact Sun OEM'ed FW-1 as Solstice FireWall-1, then Sun had delusions of grandeur...