Re: [FW-1] Next version of Checkpoint firewall

[Ray Pesek [Permanent Link]]

You forgot to mention that the SecurePlatform license is included as part of
the Firewall-1 software. SecurePlatform is a pre-hardened operating system
for the firewall to run on. No Windows install, no Linux install, just
SecurePlatform as the operating system.

A plain old firewall, like Pix, is similar to the guard shack at the
entrance to a gated community. The guard can look through the windows,
provided they are not tinted too bad, and see who the driver looks like, the
license number, and where they claim they are going inside the community.

The application layer part allows the guard to look in the glove
compartment, inside the trunk, inside the door panels and also follow the
car to make sure it is really going where it says it is going. When you  are
thinly staffed, you need to make the technology more robust and capable.

Ray


> From: Andrew Singer <asinger AT US.CHECKPOINT DOT COM>
> Reply-To: Mailing list for discussion of Firewall-1
> <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Next version of Checkpoint firewall
> Date: Tue, 30 Mar 2004 17:49:33 -0500
>
> I wanted to respond to the original posting by Rich. I understand that
> you have some questions about Check Point and how to upgrade from 3.0b.
> I can understand that you might not want to go through the process of
> talking with account rep so perhaps I can answer some of your questions
> for you in this forum.
>
>
>
> Question: "We have been running Checkpoint FW-1 version 3.0a for at
> least two years. I am looking into upgrading, since we can no longer
> successfully export the logs without choking the server.  What are our
> options?"
>
>
>
> Answer: First it seems like your primary reason for wanting to upgrade
> is due to the fact that exporting the logs causes some issues. So where
> do you want to export the logs to? Perhaps I can make a few suggestions
> as to what you can do with our latest release.  Check Point has
> significantly improved its log exporting capabilities since 3.0a and we
> offer many logging and reporting applications which run either on the
> management server or on a separate logging and reporting server.
>
>
>
> Question: "Also if someone can give me a ballpark idea on how much the
> upgrade would cost for a small network with 25 servers and 85 users.  I
> am attempting to piece together a plan for our future, I have not been
> the firewall manager in the past (that employee left) and am not
> Checkpoint certified."
>
>
>
> Answer: So what kind of hardware are you running today? You very well
> might be able to leverage your existing hardware to be used in an
> upgrade, if not there are other options like SecurePlatform which is our
> secure Linux-based operating system which installs in about two minutes.
> Judging by the size of your environment, if you have a small to
> medium-sized intel-based machine that you are not using you can turn
> this into your firewall by using SecurePlatform. If not then the cost
> for one would be around 1K, but this is just a ballpark figure. I am not
> going to go into all of the details of the install process but let's
> just say it's easy.
>
>
>
> As for security,  well I work for Check Point so I am biased and you
> asked for a non biased opinion so you can take or leave what I
> say..Application attacks dominate the internet today. You can not come
> any where near the level of security that a Check Point firewall can
> provide if you go with a Cisco PIX. Cisco does not have any
> application-layer security technologies in any of its devices. Take a
> look at this article for a 3rd party opinion.
>
>
>
> http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss346_art660,00.
> html
>
>
>
> You will notice that Cisco is not included in this review that is
> because they declined to participate as they don't have
> application-layer security in their security devices. Ok, I'm done :-)
>
>
>
> -Andy
>
>
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Marsh,
> Richard
> Sent: Monday, March 29, 2004 11:13 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Next version of Checkpoint firewall
>
>
>
> It's funny you mention that I am actually trying to build a case to
> abandon
> our current firewall in favor of a PIX 506E.  Do you know of any
> independent
> sites (resources) that make similar recommendations.  I would really
> like to
> see us adopt a PIX but I need a credible and non-biased argument.  This
> email you sent me will be included, but I fear I need more concrete
> (non-biased) opinion to sway the decision maker.  Thank you very much
> for
> your candor and response.
>
> -----Original Message-----
> From: Covington, Chris [mailto:ccovington AT PLUSONE DOT COM]
> Sent: Monday, March 29, 2004 10:18 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Next version of Checkpoint firewall
>
> I would just go buy a $900 Cisco PIX 506E and be done with it.  The
> latest Check Point products are going to require new hardware and the
> software itself is very expensive.  You could look into Check Point /
> Nokia appliances also, but they're also going to be very expensive.
>
> Chris
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Marsh,
> Richard
> Sent: Monday, March 29, 2004 9:32 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] Next version of Checkpoint firewall
>
> We have been running Checkpoint FW-1 version 3.0a  for at least two
> years.
> I am looking into upgrading, since we can no longer successfully export
> the
> logs without choking the server.  What are our options?  Also if someone
>
> can
> give me a ballpark idea on how much the upgrade would cost for a small
> network with 25 servers and 85 users.  I am attempting to piece together
>
> a
> plan for our future, I have not been the firewall manager in the past
> (that
> employee left) and am not Checkpoint certified. Any help, information
> ideas,
> you can give would be appreciated.  At this point I am just gathering
> facts
> and getting involved with Checkpoint and a formal quote from a sales
> associate would not be in either one of our best interests.   Thanks in
> advance.
>
>
>
> Sincerely,
>
>
>
> Rich Marsh
>
>
>
> "It is our attitude at the beginning of a difficult task which, more
> than
> anything else, will affect its successful outcome."
>
> William James
> 1842-1910
>
> http://plato.stanford.edu/entries/james/
> <http://plato.stanford.edu/entries/james/>
>
>
>
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar ? get it now!
http://toolbar.msn.com/go/onm00200415ave/direct/01/

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================