Educause Security Discussion mailing list archives
Checkpoint 13500 Next Generation Firewall/Security
From: Timothy Pierson <Timothy.Pierson () LIVE COM>
Date: Fri, 5 Dec 2014 14:03:35 -0600
Greetings, I am not sure if this is the place to post this query, however it seems the likely place to start. We have purchased Checkpoint's Next Generation Firewall/Security Appliance. The model is 13500 and we have the 11 software blade suite with application and DLP services. Early September we turned the application security blade service on and it took our internet connection out, dropping the overall throughput from 750 Mbs to less than 50 Mbs. Naturally this had us turning the application service off and engaging checkpoint. After a couple of months, the issue, albeit somewhat improved, is not resolved to where it continues to significantly throttle our throughput, with massive packet drop and overall inferior end user experience. We are not performing any blocking, we have merely turned the software blade feature. Checkpoint had not been able to resolve the issue and spent a couple of months not even knowing what the problem was and were sure it is because of the unusual traffic patterns from our RESNET. One of the things I asked was if there were any Institutions equal to or greater than 14,000 students, with a significant resident hall presence, that was using the Checkpoint 13500, with the 11 security feature suite, with application and DLP services. Their response was that they did in fact have customers, however none of them would care to share their experience with this product and feature set. Knowing our constituencies, I am a little skeptical of this, as I have never had a circumstance where there was an unwillingness to share common experiences. I would like to ask if anyone is using this product, configured similarly to above, and what your experience was in hopes of hearing of a work around or fix. The feeling is that the resnet traffic, which is 29% Netflix and 24% software download (gaming, MS, Apple or other updates), and other student behavior is at the root of the Checkpoint system going "belly up" under minimal load. I would appreciate hearing within this forum or privately, from anyone who might have some experience with this product. Thank You, Tim Pierson DCIO Tenn Tech University
Current thread:
- Checkpoint 13500 Next Generation Firewall/Security Timothy Pierson (Dec 05)
- Re: Checkpoint 13500 Next Generation Firewall/Security Ian McDonald (Dec 06)
- Re: Checkpoint 13500 Next Generation Firewall/Security Timothy Pierson (Dec 08)
- Re: Checkpoint 13500 Next Generation Firewall/Security Flynn, Gary - flynngn (Dec 08)
- <Possible follow-ups>
- Checkpoint 13500 Next Generation Firewall/Security Boyd, Daniel (Dec 08)
- Re: Checkpoint 13500 Next Generation Firewall/Security Timothy Pierson (Dec 08)
- Re: Checkpoint 13500 Next Generation Firewall/Security Robert Rudloff (Dec 08)
- Re: Checkpoint 13500 Next Generation Firewall/Security Ian McDonald (Dec 06)