Anyone here use Cherkpoint?
08 July 2002, 02:09 PM
#2
Scooby Regular
Deano
The only comparisons I've seen are from other vendors (Netscreen etc)....or from Checkpoint themselves
http://www.checkpoint.com/products/c...ms_matrix.html
What info are you specifically looking for ?
Jeff
[Edited by Jeff Wiltshire - 8/7/2002 2:22:30 PM]
The only comparisons I've seen are from other vendors (Netscreen etc)....or from Checkpoint themselves
http://www.checkpoint.com/products/c...ms_matrix.html
What info are you specifically looking for ?
Jeff
[Edited by Jeff Wiltshire - 8/7/2002 2:22:30 PM]
07 August 2002, 10:19 AM
#3
Scooby Regular
Join Date: Oct 2000
Location: the fastest rentals in town......0-100mph in 10 seconds
Posts: 1,401
Likes: 0
Received 0 Likes
on
0 Posts
How do you extend the interval of the timeout in a NAT to prevent a hidden UDP connection from losing it's port?
07 August 2002, 11:20 AM
#4
Scooby Regular
Start Policy Editor
Select Policy from the top menu
Properties tab from the drop down. (ie 'Rule 0')
UDP session timeout is near the top of the first page (security policy) and the default is 40 secs.
You'll need to install the policy for this to take effect.
This is on FW-1 4.1 not sure its the same for NG ....haven't got an NG box here to check.
Jeff
Select Policy from the top menu
Properties tab from the drop down. (ie 'Rule 0')
UDP session timeout is near the top of the first page (security policy) and the default is 40 secs.
You'll need to install the policy for this to take effect.
This is on FW-1 4.1 not sure its the same for NG ....haven't got an NG box here to check.
Jeff
07 August 2002, 02:28 PM
#6
Scooby Regular
Thread Starter
Join Date: Mar 1999
Posts: 4,518
Likes: 0
Received 0 Likes
on
0 Posts
Will 1 Pair (either Load balanced or Active/Stby) hack 1/2 Gig of traffic with a reasonable rule set (nothing silly but not trivial) and PAT'ing the lot against a selection of addresses. Probably of the order of 400K connections ?
I'm being told things which I'd like to independantly verify
I'm also being told to buy Cisco Content Switches to load balance across them. Seems like overkill to me.
Any thoughts appreciated.
Deano
I'm being told things which I'd like to independantly verify
I'm also being told to buy Cisco Content Switches to load balance across them. Seems like overkill to me.
Any thoughts appreciated.
Deano
07 August 2002, 02:39 PM
#7
Scooby Regular
Well......
I have to say that once traffic levels are up above 200Mbps I would normally go towards a Netscreen solution (although Cisco Pix 535 is mean't to do it)...
Have a look at
http://www.netscreen.com/products/pdf/Tolly_NS5200.pdf
or
http://www.crossbeamsystems.com if you still want to use Checkpoint.
Using a L3-L7 switch would give a better resiliance but I would look at Foundry, Alteon (Nortel) or Extreme Networks kit.
Jeff
I have to say that once traffic levels are up above 200Mbps I would normally go towards a Netscreen solution (although Cisco Pix 535 is mean't to do it)...
Have a look at
http://www.netscreen.com/products/pdf/Tolly_NS5200.pdf
or
http://www.crossbeamsystems.com if you still want to use Checkpoint.
Using a L3-L7 switch would give a better resiliance but I would look at Foundry, Alteon (Nortel) or Extreme Networks kit.
Jeff
Trending Topics
07 August 2002, 03:28 PM
#8
Scooby Regular
Thread Starter
Join Date: Mar 1999
Posts: 4,518
Likes: 0
Received 0 Likes
on
0 Posts
Gigabit + Pix are dirty words here now. We've had to downgrade to FE to get stability.
We have to go with corporate policy (i.e what is supportable by existing teams) so its Nokia/Fw-1 or Pix.
A simple subtraction leaves....
Thanks for the links - I'll have a look.
Ta
Deano
We have to go with corporate policy (i.e what is supportable by existing teams) so its Nokia/Fw-1 or Pix.
A simple subtraction leaves....
Thanks for the links - I'll have a look.
Ta
Deano
07 August 2002, 03:32 PM
#9
Scooby Regular
Deano
I reckon that a pair of IP740s (or even IP710) would cope in load balanced (not so sure about standby). If you use a good L3 switch it should work well....
The Crossbeam X40 would be interesting though (4Gbps throughput!)
PIX is not my personel cup of tea......
Jeff
I reckon that a pair of IP740s (or even IP710) would cope in load balanced (not so sure about standby). If you use a good L3 switch it should work well....
The Crossbeam X40 would be interesting though (4Gbps throughput!)
PIX is not my personel cup of tea......
Jeff
