Hi All,
Sorry for not being a part of this thread earlier, real life kind of
caught up with me. Regarding CheckPoint over Linux, here are some nice
facts that you should know about:
1. CheckPoint supports RH6.0 and 6.1, officially. However, I've been
seeing installations run on MDK, Debian, SuSE and more. They all work
fine, giving similar results.
2. In terms of performance, Linux tops the OS market in this field.
Latest tests that were done at CP had shown that Linux in some
protocols may be 100% more efficient than Solaris and about
500% more efficient than NT (why do I not find that amazing :->).
3. I've noticed some problems when using a vanilla kernel, due to some
issues with certain type of eepro100 cards and wake-on-lan issues.
4. With all things about the CheckPoint and Linux are very nice, here is
something which is not very nice. Aparently, FW-1 has some problems
when dealing with a Limited-IP license. CheckPoint grants the license
for the firewall, according to the number of IP's that you use.
For no aparent reason, when working with a limited IP license, the
kernel tends to panic after some time, while when working with an
evaluation license or unlimited license, there is no problem.
I've done some digging, and aparently it may be something in the
State-Tables, but this is not certain yet.
5. There are Linux based CP appliances, like the products that
intrusion.com have. These are SOHO firewalls, buily on RH7 and
the 2.2.17 kernel, with a trimmed down version of CP on them,
limiting to a very small number of IP's, and a closed appliance.
6. There is currently NO GUI for linux. Bare in mind that even on Solaris
the advanced GUI uses Motif and the normal GUI is absolutely SHITTY.
So I say, put the GUI client on some beat-up Winblowz machine, and
manage it from there. Or if you want, do what I do, use VMware :-)
7. There are a lot of companies in Israel that support and sell
CheckPoint solutions. I work for artNET experts, and we have been
dealing with CheckPoint products for about 2.5 years now, and Linux
based products for about 1.5 years now (bare in mind that artnet is
only 3 years old).
If anyone needs contact information, they are welcome to contact me by
email, and I'll give you a sales contact whom you can talk to.
Best regards,
Nir Simionovich, GoldenLines ISP Dev. Team
SAIR/GNU Certified LCA (447614)
SAIR/GNU Certified LCI
artNET experts Ltd.
e-mail: [EMAIL PROTECTED], [EMAIL PROTECTED]
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
