PaulDotCom mailing list archives

Re: Question about firewall

From: David Porcello <DPorcello () vermontmutual com>
Date: Thu, 10 Feb 2011 08:53:46 -0500

Leslie - I've had nightmare experiences with Check Point's UTM line. These appliances suffer from the usual "all in 
one" syndrome, combined with Check Point's huge QA process cuts and off-shoring of all R&D to Israel over the past few 
years. Many of the soft blades are based on B-grade technologies from a variety of third-party developers, so you end 
up with a hodge podge of sub-par components that don't play well together.

Some of the highlights:

:: Occasional kernel panics, reboots, loss of traffic, and 15-minute CPU saturation during policy installs. After 12 
months of troubleshooting and replacement of *all* UTM hardware, Check Point recommended to move the Smartcenter to HP 
hardware. It's been fine since.

:: IPS blade dropping traffic when in monitor-only mode. Escalated to R&D in Israel, closed ticket with no resolution 
after 3+ months.

:: AV scanner dropping all HTTP traffic when certain features enabled. No resolution.

:: Check Point unable to get the Eventia reporting or QoS blades working in any capacity (!) after 6+ months of 
troubleshooting.

Overall, it's been a blast! =)

We ended up scrapping everything except the basic firewall blade, and I'm currently evaluating (and am very impressed 
with) Palo Alto firewalls as an alternative.
Dave.



From: pauldotcom-bounces () pdc-mail pauldotcom com [mailto:pauldotcom-bounces () pdc-mail pauldotcom com] On Behalf Of 
leslie l
Sent: Tuesday, February 08, 2011 8:31 PM
To: pauldotcom () pdc-mail pauldotcom com
Subject: [Pauldotcom] Question about firewall



What does everyone think about a Check Point UTM-1 2050 firewall?

________________________________
NOTICE: The information contained in this e-mail and any attachments is intended solely for the recipient(s) named 
above, and may be confidential and legally privileged. If you received this e-mail in error, please notify the sender 
immediately by return e-mail and delete the original message and any copy of it from your computer system. If you are 
not the intended recipient, you are hereby notified that any review, disclosure, retransmission, dissemination, 
distribution, copying, or other use of this e-mail, or any of its contents, is strictly prohibited.

Although this e-mail and any attachments are believed to be free of any virus or other defects, it is the 
responsibility of the recipient to ensure that it is virus-free and no responsibility is accepted by the sender for any 
loss or damage arising if such a virus or defect exists.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

1Password for Mac issue k41zen Me (Feb 08)
- Re: 1Password for Mac issue byte . bucket (Feb 08)
  - Re: 1Password for Mac issue k41zen Me (Feb 08)
    - Question about firewall leslie l (Feb 09)
    - Re: Question about firewall Stefan Springer (Feb 09)
    - Re: Question about firewall David Porcello (Feb 10)
    - Re: Question about firewall Jack Daniel (Feb 10)
    - Re: 1Password for Mac issue Professor Thread (Feb 09)
- Re: 1Password for Mac issue Alex Wood (Feb 08)