CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 11 of 11

Thread: UTM Comparisons

  1. #1
    Join Date
    2006-10-20
    Posts
    1
    Rep Power
    0

    Default UTM Comparisons

    I am an original FW-1 user, and it seems with each new version I have let the licensing options slip from my mind more and more. I am proposing a new solution and I am unsure which route to go. The solution is relatively simple, 2 firewalls in an Active/Passive cluster environment. Those firewalls are protecting application servers (less than 10 IP addresses). I am trying to figure out if I could get away with UTM as opposed to UTM Power. Can I purchase a UTM Management and Gateway bundle for 50 users, one additional UTM Gateway for Load Sharing and 2 ClusterXL licenses to accomplish the same? Is there a datasheet that compares UTM to UTM Power?

    Jamie

  2. #2
    Join Date
    2006-01-26
    Location
    Moscow, Russia
    Posts
    704
    Rep Power
    15

    Default Re: UTM Comparisons

    UTM is new name for products Express and Express CI.
    UTM includes firewall, VPN, SmartDefense Service, IPS, web application security, and antivirus protection.
    Power is new name for FW-1/VPN-1 Pro. It includes all UTM features without AV and it includes extra features - FloodGate and SecureXL.
    UTM Power includes all UTM and Power features.

    If you want UTM cluster, I think, you need license for managment, license for gateway, license for secondary gateway for high availability and one Cluster XL license for load sharing.

  3. #3
    Join Date
    2006-01-25
    Location
    Americas
    Posts
    1,535
    Rep Power
    16

    Default Re: UTM Comparisons

    Quote Originally Posted by JamieDoherty View Post
    Is there a datasheet that compares UTM to UTM Power?
    I too would like one.

    I also inquired about VPN-1 Power with my CP Sales rep, he gave me the impression that there weren't any solid numbers comparing VPN-1 Power to VPN-1. He only said that if we were seeing performance problems with VPN-1 that we should consider upgrading our license to VPN-1 Power.
    Its all in the documentation.

  4. #4
    Join Date
    2006-12-20
    Posts
    91
    Rep Power
    14

    Default Re: UTM Comparisons

    VPN-1 UTM gateways provide firewall, VPN, SmartDefense Service, IPS, web application security, and antivirus protection on an all-in-one platform. Prices include software only.

    VPN-1 Power gateways provide blazing fast security for the most demanding environments providing best-of-breed firewall, VPN, SmartDefense Service IPS, and web application security. Prices include software only.

    VPN-1 UTM Power gateways are a combination of performance and simplicity- an all-in-one platform that includes the VPN-1 UTM features with the acceleration provided by the VPN-1 Power line. Prices include software only.

    ** Please advise that the annual subscription for SmartDefense & Antivirus is required if you want SmartDefense Services provide ongoing, real-time updates and configuration advisories for defenses and security policies. SmartDefense Services are licensed annually. The Anti-Virus signature update component of SmartDefense Services is also licensed annually.

    For Active-Standby configuration, Cluster-XL for LoadSharing is NOT required.

    Just Simply go to check point web site and click on "How to Buy" -> "Price List", then you'll see what components are included in the products/bundles.

  5. #5
    Join Date
    2006-08-22
    Posts
    58
    Rep Power
    14

    Default Re: UTM Comparisons

    Hi all,

    My project will buy Checkpoint VPN-1 Pro but Checkpoint VPN-1 Pro is end of sale. Now, I am going to bye Checkpoint VPN-1 UTM to replace VPN-1 Pro. I want to ask everyone: the function of VPN-1 UTM and VPN-1 Pro is the same or VPN-1 Pro is better than VPN-1 UTM?

    I will put VPN-1 UTM in datagram

    DMZ - VPN-1 UTM - Router gateway - ISP

    Please answer me early. Thank you very much.

    Duy Khang

  6. #6
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    18

    Default Re: UTM Comparisons

    Check Point VPN-1 Pro includes Floodgate/QoS, the UTM includes Anti-Virus and URL filtering. UTM equates to the old ExpressCI

    If you were looking to use QoS on the firewalls then you will need VPN-1 Power.

    Not sure if it will make any difference to you but R55 SMARTCenter can read the license for VPN-1 Power but the UTM license will require NGX R60 HFA-02, or later so if still on R55 and not looking to upgrade then go with Power.

  7. #7
    Join Date
    2006-12-20
    Posts
    91
    Rep Power
    14

    Default Re: UTM Comparisons

    Is it a new purchase or an upgrade?

    UTM bundle is required as it contains one gateway and one management server. As stated by mcnallym, Power will have QoS which is upon your requirement.


    Quote Originally Posted by mylove142 View Post
    Hi all,

    My project will buy Checkpoint VPN-1 Pro but Checkpoint VPN-1 Pro is end of sale. Now, I am going to bye Checkpoint VPN-1 UTM to replace VPN-1 Pro. I want to ask everyone: the function of VPN-1 UTM and VPN-1 Pro is the same or VPN-1 Pro is better than VPN-1 UTM?

    I will put VPN-1 UTM in datagram

    DMZ - VPN-1 UTM - Router gateway - ISP

    Please answer me early. Thank you very much.

    Duy Khang

  8. #8
    Join Date
    2007-01-18
    Location
    London
    Posts
    378
    Rep Power
    14

    Default Re: UTM Comparisons

    I always use this page when I want to check exactly what each part number gives you, in terms of licenses:
    https://pricelist.checkpoint.com/pri...tions/main.jsp

    And from there I usually go:
    https://pricelist.checkpoint.com/pri...enerallist.jsp

    It has list price, modules included and now it even has pictures :)

    BTW for Active/Passive you don't need a ClusterXL license, just like Nick pointed out.

  9. #9
    Join Date
    2006-03-23
    Location
    Harrow, London, UK
    Posts
    11
    Rep Power
    0

    Default Re: UTM Comparisons

    I assume the license for VPN-1 UTM is sold as bundle or is it possible to purchase a single license just for the gateway and manage it by my existing smartcenter. Hence not pay extra money for management license.

  10. #10
    Join Date
    2005-08-29
    Location
    Upstate NY
    Posts
    2,720
    Rep Power
    17

    Default Re: UTM Comparisons

    Both bundled and un-bundled. See:

    https://pricelist.checkpoint.com/pri...=VPN-1Software

  11. #11
    Join Date
    2007-07-16
    Location
    a land down under!
    Posts
    2,015
    Rep Power
    15

    Default Re: UTM Comparisons

    It's really important to note that the UTM-1 Device does not provide a management license that can be installed on a seperate machine i.e. the UTM-1 must run management and module. There used to be an exception for Clustered setups, but I'm not sure that this is still supported.

    Also worth noting is the Management license on a UTM-1 is NOT the same from a feature perspective as a SmartCenter UTM license. UTM-1 license also includes a SNX-5 license and a cut-down Eventia license, as well as SmartView Monitor. What sucks big time is that you get less functionality when you pay more to get a proper distributed setup. Another beautiful quirk of Check Point licensing....

    Another example of Check Point succeeding despite their best efforts and crazy licensing choices...

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •