CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 20 of 20

Thread: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

  1. #1
    Join Date
    2007-10-12
    Posts
    141
    Rep Power
    11

    Default Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    I've been in search for a 1gb capable router, but my search has a unique twist. I want to be able to pass 1gb (line speed) in the VPN. So let me explain.

    Verizon FIOS 1gb service (which I know is not true gb, but let's say 790/800 on the upload side

    Currently using two 680's on 150/150 at one site and 75/75 at another site. iperf3 says I'm getting 75mbps between sites which makes sense since one side is limited. But I'm looking to raise both sites to 300/300 My two 680's will top out at 240mbps which is close enough for now, but I'm also looking at FIOS gigabit service

    I want to be able to transfer over ipsec/vpn as close to line speed as possible (all other device bottlenecks aside) on any possible speed increases I may make to my FIOS service.

    Not a terribly easy feat for a desktop "appliance" type device. My 2 680's will max out at 240 mbps.

    So I went on a hunt and found checkpoint gear to be very expensive. Then I came across the 4800 which can at times be available 3rd party at a pretty good discount.

    Questions:

    1. Would it actually be able to pass 700-800mbps over VPN on one of the 1gb copper ports? No special expansion slot cards needed? (Spec's show it's rated at 2 Gbps of VPN throughput, AES-128)
    2. I'm used to my 680 configurations & gui. I don't subscribe to any blades so I just use Firewall & IPSec VPN which show as Expiration: Never. Would the 4800 work the same way?
    3. Is there any pitfall of buying 3rd party (other than no support and no blades), that the unit would be unusable with those 2 basic features (firewall and ipsec vpn)?

    Err.. Ahh.. does this device need $12,000 of licensing in order to work?

    Even know I will likely only be going to 300/300 FIOS at my 2 locations, I'd still like to know that I could handle FIOS Gig should it become affordable in the future.

    Would love to stay with Checkpoint for my next step. Was looking at some other hardware and felt like a traitor ;)

    Roveer
    Last edited by roveer; 2017-10-17 at 20:57.

  2. #2
    Join Date
    2007-06-04
    Posts
    3,267
    Rep Power
    16

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Quote Originally Posted by roveer View Post
    I've been in search for a 1gb capable router, but my search has a unique twist. I want to be able to pass 1gb (line speed) in the VPN. So let me explain.

    Verizon FIOS 1gb service (which I know is not true gb, but let's say 790/800 on the upload side

    Currently using two 680's on 150/150 at one site and 75/75 at another site. iperf3 says I'm getting 75mbps between sites which makes sense since one side is limited. But I'm looking to raise both sites to 300/300 My two 680's will top out at 240mbps which is close enough for now, but I'm also looking at FIOS gigabit service

    I want to be able to transfer over ipsec/vpn as close to line speed as possible (all other device bottlenecks aside) on any possible speed increases I may make to my FIOS service.

    Not a terribly easy feat for a desktop "appliance" type device. My 2 680's will max out at 240 mbps.

    So I went on a hunt and found checkpoint gear to be very expensive. Then I came across the 4800 which can at times be available 3rd party at a pretty good discount.

    Questions:

    1. Would it actually be able to pass 700-800mbps over VPN on one of the 1gb copper ports? No special expansion slot cards needed? (Spec's show it's rated at 2 Gbps of VPN throughput, AES-128)
    2. I'm used to my 680 configurations & gui. I don't subscribe to any blades so I just use Firewall & IPSec VPN which show as Expiration: Never. Would the 4800 work the same way?
    3. Is there any pitfall of buying 3rd party (other than no support and no blades), that the unit would be unusable with those 2 basic features (firewall and ipsec vpn)?

    Err.. Ahh.. does this device need $12,000 of licensing in order to work?

    Even know I will likely only be going to 300/300 FIOS at my 2 locations, I'd still like to know that I could handle FIOS Gig should it become affordable in the future.

    Would love to stay with Checkpoint for my next step. Was looking at some other hardware and felt like a traitor ;)

    Roveer
    You would need the license, however licenses are allocated/fixed with Appliances. So if you do buy a used 4800 make sure that you also get the UserCentre license moved across to a User Centre account that you have. Would suggest that setup a new account, give the seller access to transfer the license too, then once have the license remove them from the account. Then transfer the license across to your normal UserCentre account.

    You won't have any support but the Firewall/VPN blades will work.

    One thing to bear in mind however is that those figures are for a Gateway.

    Being full checkpoint then the 4800's will need management server which if onbox will have a negative impact on your throughput.

    If all you are bothered about is Firewall/VPN and no support then you are really paying over the odds with the Check Point. That functionality is pretty much commoditized now.

  3. #3
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,219
    Rep Power
    13

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    1Gbps of VPN throughput seems like a bit of a stretch to me for a 4800. A few notes that should help:

    1) I don't see how the box can be rated for 2Gbps AES VPN throughput when all IPSec VPN traffic can only be processed on one Firewall worker core due to a limitation in R77.30 and earlier.

    2) The 2Gbps benchmark may assume the VPN traffic is fully accelerated by SecureXL, which is certainly possible given that you will only have the Firewall and IPSec VPN blades enabled. Don't use SHA-384 or the GCM versions of AES with your VPN tunnels as these will disable acceleration.

    3) The 4800 processor does not have support for AES-NI which can increase AES encrypt/decrypt performance 4-10X. Models 5600 and higher (except for 12200 and Power-1 9000/11000) all support AES-NI which would certainly be nice to have for future-proofing. Note that Gaia must be running in 64-bit mode (6GB+ RAM required) to take advantage of AES-NI on systems that support it.

    4) R80.10 has eliminated the single-core IPSec VPN bottleneck mentioned in #1, and would be highly recommended over R77.30 in your case.

    5) Due to the high probability of the vast majority of traffic being accelerated (definitely make sure SecureXL is turned on), I'd recommend initially reducing the default number of CoreXL instances on your 4800 from 3 to 2 which would give you a 2/2 split between SND/IRQ cores (where SecureXL traffic is handled) and Firewall Worker Cores.
    Last edited by ShadowPeak.com; 2017-10-18 at 13:37.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  4. #4
    Join Date
    2007-10-12
    Posts
    141
    Rep Power
    11

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    So let me tell you what I did, then you can tell me what I did...

    I bought a 4600 on eBay locally and picked it up from the guy today. I asked him about transferring the license and he told me, no license, it was wiped. Already not sounding good...

    I played around with it this afternoon and was finally able to get it connected to the internet using the webgui and R77 Smart Console. It's currently in trial mode. I then tried to obtain a license for it using my account and it said "problem" and directed me to contact checkpoint which I have done via their website.

    So let me see how this plays out.

    Check Point is going to tell me that this device is still registered to it's original owner and can't be transferred (except by them), and as I'm guessing they probably won't be able to tell me who it's registered too. How am I doing so far.

    So basically without a license transfer from their account to mine, then the device is pretty much a salesman's sample with 15 day use before it has to be reset.

    So then I'll go back to the eBay guy and say, you gotta come up with the license or you have to take the device back. Then he'll say, I'm only selling hardware, not software and I'll end up filing a complaint with eBay and it just get's uglier from their on.

    How's that sounding? Am I wrong anywhere along the line?

    So, I guess I reached a little too high in thinking I could get an enterprise device cheap. Just doesn't happen.

    But I do want to ask about the previous poster that says that he doesn't think the 4800 is anywhere near capable of passing 1gb VPN traffic. These are the specs for the 4600 straight from checkpoint:

     9 Gbps firewall, 1518 byte UDP
     1.5 Gbps VPN, AES-128
     30,000 max IPsec VPN tunnels
     1 Gbps IPS, Recommended IPS profile, IMIX traffic blend
     1.2 million concurrent connections, 64 byte HTTP response
     50,000 connections per second, 64 byte HTTP response

    The 4800 is rated at 2 Gbps VPN. So real life would be something less than 50% of stated specs?

    Finally,

    I've read that I can put pfSense on this device. Comments? If I end up not being able to use it as a checkpoint device, I'll probably give that a try. We'll chalk this up to the live and learn over exuberance category. I do over due it every once in a while.

  5. #5
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Id take it up with eBay. Show them proof checkpoint wonít even sell you a license for the box and then show this to mean it canít be used for its purpose and thus is broken. No idea if that will work jus throwing it out there.

    As far as pfsense, it might work. Not like you have much to lose.

  6. #6
    Join Date
    2007-06-04
    Posts
    3,267
    Rep Power
    16

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Quote Originally Posted by roveer View Post
    So let me tell you what I did, then you can tell me what I did...

    I bought a 4600 on eBay locally and picked it up from the guy today. I asked him about transferring the license and he told me, no license, it was wiped. Already not sounding good...

    I played around with it this afternoon and was finally able to get it connected to the internet using the webgui and R77 Smart Console. It's currently in trial mode. I then tried to obtain a license for it using my account and it said "problem" and directed me to contact checkpoint which I have done via their website.

    So let me see how this plays out.

    Check Point is going to tell me that this device is still registered to it's original owner and can't be transferred (except by them), and as I'm guessing they probably won't be able to tell me who it's registered too. How am I doing so far.

    So basically without a license transfer from their account to mine, then the device is pretty much a salesman's sample with 15 day use before it has to be reset.

    So then I'll go back to the eBay guy and say, you gotta come up with the license or you have to take the device back. Then he'll say, I'm only selling hardware, not software and I'll end up filing a complaint with eBay and it just get's uglier from their on.

    How's that sounding? Am I wrong anywhere along the line?

    So, I guess I reached a little too high in thinking I could get an enterprise device cheap. Just doesn't happen.

    But I do want to ask about the previous poster that says that he doesn't think the 4800 is anywhere near capable of passing 1gb VPN traffic. These are the specs for the 4600 straight from checkpoint:

     9 Gbps firewall, 1518 byte UDP
     1.5 Gbps VPN, AES-128
     30,000 max IPsec VPN tunnels
     1 Gbps IPS, Recommended IPS profile, IMIX traffic blend
     1.2 million concurrent connections, 64 byte HTTP response
     50,000 connections per second, 64 byte HTTP response

    The 4800 is rated at 2 Gbps VPN. So real life would be something less than 50% of stated specs?

    Finally,

    I've read that I can put pfSense on this device. Comments? If I end up not being able to use it as a checkpoint device, I'll probably give that a try. We'll chalk this up to the live and learn over exuberance category. I do over due it every once in a while.
    When Check Point sells the Appliance it comes with a License. The license is placed in the UserCentre Account of the Buyer.
    If they then resell the Appliance then the License should be transferred to a new UserCentre Account that belongs to the new Buyer.
    When they resell then they should arrange to transfer the license over to the new Buyers User Centre Account.

    Problem is that likely the people doing the Selling at the original buyer likely don't understand how the licensing works and is just disposing of kit treats it just like a Server etc.
    Person buying from them is likely just buying bulk kit and again doesn't understand really what buying other then a money value.
    As such neither of them sort out transferring the license.

    You are correct in as much that as far as Check Point Account Services concerned, nothing to do with them!

    There has been a thread on here before where someone else came unstuck like this.

    Hence my comment about make sure that the seller has the license and can transfer otherwise simply buying a piece of metal.

  7. #7
    Join Date
    2007-10-12
    Posts
    141
    Rep Power
    11

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    This is probably a stupid question as I'm very new to the Rxx platform and finding it quite a challenge (always up for a challenge).

    Previously I reported that I was having trouble getting a license for this 4600 and I speculated that it was due to the fact that I bought it used and had to get the license transferred. Of course the seller knows nothing about this. I looked at the message I received again and now think that maybe it's the way I have the router set up that might be causing the problem (or this problem at least)

    Here's the error I'm getting:

    Click image for larger version. 

Name:	checkpoint46001.jpg 
Views:	76 
Size:	170.9 KB 
ID:	1335

    The error: "An Error ocurred while trying to send the request to join the account"

    So maybe I caused this problem. I had a very hard time setting the router up initially. Several screens were ambiguous and I was having some difficulty. What I eventually ended up doing was
    1. Ran through initial webgui set up.
    2. Installed smartdashboard and between the webgui and smartdashboard was able to get the device connected to the internet.
    3. Configured an WAN port
    4. Configured a LAN port
    5. Set up a static route
    6. Installed a policy
    7. Made a policy rule to allow the Lan to send/rec to the WAN.

    At that point a laptop connected to the lan port could access the internet. I then went into the webgui and through licensing tried to get a license. That's when I got the error.

    Should I be doing this from the management port? If so, does the management port need to have access to the internet? This is where I think I may be making a mistake. I have been unable to get a laptop connected to the management port to have access to the internet (and maybe it shouldn't), but I'm not used to working with management ports.

    Can someone set me straight on this. Now, I'm sure if this problem is configuration that as soon as I resolve it, the error will probably change to something else related to the fact that the license for this device is already in someone elses smartcenter, but right now I have to deal with the error I'm seeing.

    Thanks,

    Roveer

  8. #8
    Join Date
    2007-10-12
    Posts
    141
    Rep Power
    11

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Quote Originally Posted by mcnallym View Post
    When Check Point sells the Appliance it comes with a License. The license is placed in the UserCentre Account of the Buyer.
    If they then resell the Appliance then the License should be transferred to a new UserCentre Account that belongs to the new Buyer.
    When they resell then they should arrange to transfer the license over to the new Buyers User Centre Account.

    Problem is that likely the people doing the Selling at the original buyer likely don't understand how the licensing works and is just disposing of kit treats it just like a Server etc.
    Person buying from them is likely just buying bulk kit and again doesn't understand really what buying other then a money value.
    As such neither of them sort out transferring the license.

    You are correct in as much that as far as Check Point Account Services concerned, nothing to do with them!

    There has been a thread on here before where someone else came unstuck like this.

    Hence my comment about make sure that the seller has the license and can transfer otherwise simply buying a piece of metal.
    I sent the guy who sold me the device a note to tell him that I was having licensing issues. He says he's sold lots of checkpoint equipment and never transferred a license and nobody every complained. That's not possible is it? If I understand this correctly (and please let me know if I'm right or wrong on this). Is that only one license is created for a device and it must be transferred. Is there a way for CP to re-issue a new license for a device? How would people who buy equipment from this guy (wiped) be able to use the equipment without a license? The guy thinks I have to go buy a license and I can't use someone elses. Please explain so I understand and can fight these guys. Very few CP equipment sellers on eBay have any idea of what is going on.

    I'm not all broken up over this, I only paid 160 bucks and he's willing to take it back, but I want to know how this licensing works so I don't make this mistake in the future.

  9. #9
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Try this, don't PM Phoneboy at all, i'm sure nothing will come of it. Next... er i mean first.. call Account Services and let them know you bought this firewall and are trying to get the licenses.

    972 444 6600 - option 5.

    Now i have to say.. checkpoint is not a fan of reselling firewalls so you might be SoL .. but.. um.. like maybe since your a student.. um.. and you used that money to buy a firewall instead of books.. uh.. mom's operation put off..etc etc.

    The legit license is in someone else's UC account and until they copy it out or give you access you can't get it and whats worse depending on how its deployed you might be forced to use a management server to put it on the firewall. I'm just not sure if checkpoint will even let you change the IP is currently set to if you do get the legit licenses in usercenter.

  10. #10
    Join Date
    2007-10-12
    Posts
    141
    Rep Power
    11

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    got it! I already decided I wasn't going to bother PB on this one. He's been very helpful to me in the past. If it turns out the license is someplace else (which I'm sure it is), I'm giving it back to the guy and getting a refund. I think he's just plain lying saying he sells lots of CP gear and never has a problem. As far as I see it, just about every CP product would have a similar licensing situation unless it had never been registered.

    I'm also kinda curious about putting pfSense on the box. A question: Could I just swap out the hard drive and be able to play with pfSense and not effect the CP images? Isn't this just a PC with a bunch of lan ports?

    Also, I'm curious as to what the CP magic is here. Rated at 1.5Gbps vpn speeds on a fairly low end processor (not even AES-NI capable). How are they doing that? Would/could I expect to see same results in pfSense? After all, my goal is good firewall, vpn site to site capability, and blazing speeds across VPN on gig FIOS ethernet. That's my mission. Sadly, that spells Ubituiti ER-4 which release in 20 days for 150 bucks. I was giving it one good try for CP, but I think I'm in over my head.

    Roveer
    Last edited by roveer; 2017-10-19 at 16:24.

  11. #11
    Join Date
    2006-09-26
    Posts
    3,150
    Rep Power
    15

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Quote Originally Posted by roveer View Post
    Rated at 1.5Gbps vpn speeds on a fairly low end processor (not even AES-NI capable). How are they doing that?
    this is checkpoint "marketing" number, not a real world scenario number :-(. It is well known !!!!!

  12. #12
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Well the SMB firewalls have a built in firewall license that doesn't expire.. so maybe not for those.. but for everything else for sure. My guess is that is why its so cheap.

    Don't worry about the hard drive. You can always re-image it with a USB drive if you want. Yeah its basically a PC, but i'm not sure if the cards are normal PCI cards or not. Just make a usb image of $linux, boot and see if the network comes up. oh wait. or pfsense.. but i see a lot of posts about checkpoint firewalls running pfsense on ebay so it must work ok. I think all the checjpoint 1g nics are just intels.

    As far as that VPN number, packets per second is major issue. So.. maybe larger packets to get that number? Jumbo possibly? Add in a dash of marketing.. /shrug

    Could be just a openssl benchmark as well.

  13. #13
    Join Date
    2007-06-04
    Posts
    3,267
    Rep Power
    16

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Quote Originally Posted by roveer View Post
    I sent the guy who sold me the device a note to tell him that I was having licensing issues. He says he's sold lots of checkpoint equipment and never transferred a license and nobody every complained. That's not possible is it? If I understand this correctly (and please let me know if I'm right or wrong on this). Is that only one license is created for a device and it must be transferred. Is there a way for CP to re-issue a new license for a device? How would people who buy equipment from this guy (wiped) be able to use the equipment without a license? The guy thinks I have to go buy a license and I can't use someone elses. Please explain so I understand and can fight these guys. Very few CP equipment sellers on eBay have any idea of what is going on.

    I'm not all broken up over this, I only paid 160 bucks and he's willing to take it back, but I want to know how this licensing works so I don't make this mistake in the future.
    Really depends upon what has been selling previously. SMB kit comes with the license pre-installed so wouldn't need to transfer the license. When you reset the device then it already has the license so no need to transfer as such.

    Could also be that whoever has bought the kit is buying for a lab so the 15 day built in license and resetting the date/time, rebuilding isn't an issue for them, or may even work for a Check Point partner so can generate there own 30 day licenses and simply keep putting new evals on.

    For the Enterprise kit like then you need access to the UserCentre Account where the license is stored. You are correct in that only 1 license is issued ( when the appliance is purchased from Check Point ) and that license is transferred to the purchasers UserCentre Account. If you resell the box then you should also arrange to transfer the license to the new owners UserCentre Account.
    When you rest Enterprise kit then there is no license installed beyond a 15 day trial license.

    Check Point won't sell a new license for the Appliances ( other people here tried that and found that out ), and you will find Account Services not interested either. Working for a Check Point partner then when found that put the wrong license in then end up having to get physical photo's getting all of the PO order trail etc to get Account Services to transfer the correct license inplace of the one that in the UserCentre account.

    Unless going to use as tin with something like pfsense then probably best sending back as seller seems ok with that.

  14. #14
    Join Date
    2007-10-12
    Posts
    141
    Rep Power
    11

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    I'm a bit surprised. Checkpoint Support responded back with the name of the company (and email address) of the current license holder with instructions of how to move the license. I've contacted the eBay guy and asked him if it's ok for me to contact the company. Having been in IT for years I know that a lot of times equipment makes its way out of companies under dubious terms and before I go opening up a can of worms (which is likely) I figured I'd give him the opportunity to take it back and give a refund. Otherwise I'm going to contact the company via the email Checkpoint gave me and ask that the license be transferred. That's probably when all hell is going to break lose, but heck, I just bought something on eBay.

    This should be interesting.

    Roveer

  15. #15
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Oh nice! keep us posted, want to see how this turns out.

  16. #16
    Join Date
    2007-10-12
    Posts
    141
    Rep Power
    11

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    You know that sound, that sound when your packman gets eaten by inky blinky pinky or clyde. You know. woo woo woo woo blunc blunc. That's the sound that played when the email I sent to the company got kicked back as "no user on system". Now I'm left deciding whether or not to call the company directly (a law firm I might add) and asking for the IT department and then explaining I bought something on eBay that belonged to them. Oh yeah, that's going to go over really well. I'll probably give it one shot and hopefully won't get anyone fired for stealing company property, and then I might just offer to take a partial refund from the guy and turn it into a pfSense firewall. I'm wondering if pfSense would perform as well as checkpoint running on that hardware? This is all a big science project.

    Roveer

  17. #17
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,623
    Rep Power
    9

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Never say die!! Look said person up on LinkedIn/ fecalbook as well.

  18. #18
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    250
    Rep Power
    12

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Quote Originally Posted by roveer View Post
    You know that sound, that sound when your packman gets eaten by inky blinky pinky or clyde. You know. woo woo woo woo blunc blunc. That's the sound that played when the email I sent to the company got kicked back as "no user on system". Now I'm left deciding whether or not to call the company directly (a law firm I might add) and asking for the IT department and then explaining I bought something on eBay that belonged to them. Oh yeah, that's going to go over really well. I'll probably give it one shot and hopefully won't get anyone fired for stealing company property, and then I might just offer to take a partial refund from the guy and turn it into a pfSense firewall. I'm wondering if pfSense would perform as well as checkpoint running on that hardware? This is all a big science project.

    Roveer
    pfSense is based on FreeBSD, which Netflix uses on their own infrastructure to serve videos at around 40 gigabits per second per box. With some tuning, it could definitely perform in the same ballpark as Check Point's software. It probably won't get quite the same level, but it won't be an order of magnitude off. Check Point's OS is based on Redhat Linux. You can install it on random servers.

    The "appliances" Check Point sells are pretty basic servers. They don't really have special hardware except in the low-end (Edge, Safe@Office, SG80, 600, 700, 1100, 1400) and high-end (21k, 41k, 44k, 61k, and 64k) lines. Everything between the extremes is Intel processors and network interfaces. It can be a pain to get into the BIOS, since they have no accessible VGA. That's about it.

    For anything you use to make money, I would look at other boxes. The ones Check Point sells have the ports on the wrong side, no cable management, and really junky LOM. They're what you'd get if you put modern processors into a server from 15 years ago. For personal stuff, they're a decent way to get raw computing power and a rackmount case for a reasonable price, as long as you don't need to deal with the licensing or additional PCIe cards.
    Zimmie

  19. #19
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,028
    Rep Power
    14

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Quote Originally Posted by roveer View Post
    You know that sound, that sound when your packman gets eaten by inky blinky pinky or clyde. You know. woo woo woo woo blunc blunc. That's the sound that played when the email I sent to the company got kicked back as "no user on system". Now I'm left deciding whether or not to call the company directly (a law firm I might add) and asking for the IT department and then explaining I bought something on eBay that belonged to them. Oh yeah, that's going to go over really well. I'll probably give it one shot and hopefully won't get anyone fired for stealing company property, and then I might just offer to take a partial refund from the guy and turn it into a pfSense firewall. I'm wondering if pfSense would perform as well as checkpoint running on that hardware? This is all a big science project.

    Roveer
    Call the company, by all means. You have acquired this box legally, and if it was stolen or decommissioned, you are entitled to know. If any issue, raise the hell to the seller through Ebay
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  20. #20
    Join Date
    2007-10-12
    Posts
    141
    Rep Power
    11

    Default Re: Check Point 4800 on either end of 1gb FIOS. VPN Throughput question

    Well, I'm trying to reach one of the law firm guys via linked-in and also trying my friend who is IT in a law firm in NYC to see if he's had any contact with them. I guess we'll see how this plays out.

Similar Threads

  1. How do I check LOM configuration on 4800 firewalls ??
    By vthoom@hotmail.com in forum R77.10
    Replies: 1
    Last Post: 2016-05-07, 03:26
  2. Check Point 620 appliance: Experiences and actual production throughput?
    By sublime in forum Check Point Series 80/1100 Appliances
    Replies: 1
    Last Post: 2015-07-08, 05:46
  3. Throughput question VPN-1 Edge vs 640 Series...
    By roveer in forum Check Point UTM-1 Edge Appliances
    Replies: 13
    Last Post: 2014-09-27, 15:00
  4. How to check throughput on each interface
    By ottavio in forum Intermediate
    Replies: 7
    Last Post: 2012-08-01, 04:52
  5. Check Point - ISA question
    By The_Noose in forum Miscellaneous
    Replies: 1
    Last Post: 2005-11-03, 14:51

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •