PDA

View Full Version : which spec firewall for site



carl_t
2013-09-06, 05:17
Hi all

I have a new site coming soon, small datacentre, 10mbit internet connection, 10 mbit mpls, 10 megabit point to point, about 300 users on site , there will be some server replication going across the WAN, however it shouldnt exceed 64 mbit if we upgrade later, there may be some servers in the dmz also for web etc.

on our other sites we used to use IP390 appliances for this kind of setup, what unit would I require for the above ?

I have been looking at the 4400 and the 4600

which would most suffice for my requirements, I will be running firewall and IPS

cheers

mcnallym
2013-09-06, 06:28
On Check Points Website then they are suggesting that people buy 4800 instead of the IP397 now, with the IP appliances being withdrawn from sale.

However I know from experience that the Check Point recommendation tends to be on the conservative side. However they tend to allow for about 40-50 growth in traffic or a number of additional blades to be added on.

With Firewall/VPN and IPS only then a 4600 should be OK for now and next couple of years.

PhoneBoy
2013-09-06, 12:36
However I know from experience that the Check Point recommendation tends to be on the conservative side. However they tend to allow for about 40-50 growth in traffic or a number of additional blades to be added on.

You're correct, the recommendations tend to be on the conservative side--with good reason.
By building an assumption of 50% growth in traffic into the recommendations, you can be assured the appliance you buy today will still be serving your needs in 3 years (or longer).

As for the specific IP397 to 4800 recommendation, consider that the IP390 came out in 2006.
In those days it was doing firewall, VPN, and maybe IPS with SmartDefense.
Obviously in 2013 you can do a whole lot more with your gateways now.
Not to mention the hardware has evolved quite a bit since then.
And the 50% growth assumption. :)

Obviously that's a general recommendation and your specific circumstances may vary.
Depending on the exact requirements, a 4600 may be an adequate replacement for an IP397.
Your Check Point Partner or Sales Rep can help.