PaulDotCom mailing list archives
Re: Question about firewall
From: David Porcello <DPorcello () vermontmutual com>
Date: Thu, 10 Feb 2011 08:53:46 -0500
Leslie - I've had nightmare experiences with Check Point's UTM line. These appliances suffer from the usual "all in one" syndrome, combined with Check Point's huge QA process cuts and off-shoring of all R&D to Israel over the past few years. Many of the soft blades are based on B-grade technologies from a variety of third-party developers, so you end up with a hodge podge of sub-par components that don't play well together. Some of the highlights: :: Occasional kernel panics, reboots, loss of traffic, and 15-minute CPU saturation during policy installs. After 12 months of troubleshooting and replacement of *all* UTM hardware, Check Point recommended to move the Smartcenter to HP hardware. It's been fine since. :: IPS blade dropping traffic when in monitor-only mode. Escalated to R&D in Israel, closed ticket with no resolution after 3+ months. :: AV scanner dropping all HTTP traffic when certain features enabled. No resolution. :: Check Point unable to get the Eventia reporting or QoS blades working in any capacity (!) after 6+ months of troubleshooting. Overall, it's been a blast! =) We ended up scrapping everything except the basic firewall blade, and I'm currently evaluating (and am very impressed with) Palo Alto firewalls as an alternative. Dave. From: pauldotcom-bounces () pdc-mail pauldotcom com [mailto:pauldotcom-bounces () pdc-mail pauldotcom com] On Behalf Of leslie l Sent: Tuesday, February 08, 2011 8:31 PM To: pauldotcom () pdc-mail pauldotcom com Subject: [Pauldotcom] Question about firewall What does everyone think about a Check Point UTM-1 2050 firewall? ________________________________ NOTICE: The information contained in this e-mail and any attachments is intended solely for the recipient(s) named above, and may be confidential and legally privileged. If you received this e-mail in error, please notify the sender immediately by return e-mail and delete the original message and any copy of it from your computer system. If you are not the intended recipient, you are hereby notified that any review, disclosure, retransmission, dissemination, distribution, copying, or other use of this e-mail, or any of its contents, is strictly prohibited. Although this e-mail and any attachments are believed to be free of any virus or other defects, it is the responsibility of the recipient to ensure that it is virus-free and no responsibility is accepted by the sender for any loss or damage arising if such a virus or defect exists.
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- 1Password for Mac issue k41zen Me (Feb 08)
- Re: 1Password for Mac issue byte . bucket (Feb 08)
- Re: 1Password for Mac issue k41zen Me (Feb 08)
- Question about firewall leslie l (Feb 09)
- Re: Question about firewall Stefan Springer (Feb 09)
- Re: Question about firewall David Porcello (Feb 10)
- Re: Question about firewall Jack Daniel (Feb 10)
- Re: 1Password for Mac issue Professor Thread (Feb 09)
- Re: 1Password for Mac issue k41zen Me (Feb 08)
- Re: 1Password for Mac issue byte . bucket (Feb 08)
- Re: 1Password for Mac issue Alex Wood (Feb 08)