Hi Matt,
I work as a consultant, and I've done some implementations with
ClusterXL Multicast mode with Cisco. One was for a large Fortune 100
company. Cisco switches, Cisco routers, but CheckPoint/Solaris
firewalls.
ClusterXL worked perfectly, in both broadcast and multicast modes. I
remember with switches they just had to configure IGMP groups. But
that was it. I've only seen ClusterXL problems with older equipment
like some old Nortel routers and such.
I think with Cisco gear you should be okay. If you want more details
you can contact me off-list and I'd be happy to share more
experiences.
Side note -- I've had to fight that same battle before (PIX
replacements). It's always worth it. I don't really consider PIX a
true firewall, but that's just my 2 cents :)
Shane
On Mon, 27 Sep 2004 07:54:35 -0700, Matthew Lange <mmlange AT yahoo DOT com>
wrote:
> I need some help here.
>
> I work for a large cash-strapped transportation company here in Minnesota.
> Like a lot of other large shops, we deploy Cisco gear wherever possible -
> including the PIX. We've got about 40,000 employees with revenues of around
> $9B.
>
> An information security group was recently formed here, and one of the first
> decisions we made was to replace our PIX/Gauntlet infrastructure with Check
> Point products. As you can imagine, being cash-strapped requires that we jump
> through many hoops to purchase nearly *anything* (including office supplies -
> seriously).
>
> We were given several assurances by Check Point (corporate AND the local
> office) that they would be available during our initial implementation of the
> product. This empty promise has done little to assure us that we made the
> right decision about firewall technologies for our company, as nobody from
> Check Point has been consistently available to help us. IST (our reseller)
> has been our only source of help.
>
> For the last 2 months, we've been asking (begging, really) Check Point for a
> specific customer reference - a large company using ClusterXL in multicast
> load-share mode, inter-operating with Cisco equipment. Unfortunately, since
> Check Point's sales are channel-based, they have no idea what their customers
> do with the ClusterXL license. Our reseller has no customers willing to talk
> to us about their implementations.
>
> At this point, we're struggling with upper management to keep the Check Point
> infrastructure we've already deployed - they're ready to rip it out and
> replace
> it with Cisco PIXes.
>
> *****
> Here's where I need YOUR help
> *****
>
> If you work at a larger company and can provide some insight (either publicly
> or anonymously) about ClusterXL in multicast load-share mode and how it has
> worked (or not) at your company, it would be greatly appreciated.
>
> Thanks in advance for your help.
>
> Matt
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
