VPN Evaluation

Thread: VPN Evaluation

  1. #1
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Question VPN Evaluation

    We are about to start an evaluation of the VPN solution offered by Checkpoint. Checkpoint's product VPN-1 is a plug-in / bolt-on to its firewall, FW-1, and according to the 'marketing' material it is rated very high in security. I was wondering if any of the members here were currently using this product and what their thoughts were. Comments from you people will mean a lot more to me than the marketing material. So...let me know your thoughts, the pros and cons of the product, any items I should consider while doing the evaluation, any tips on the configuration of the product...etc.

    Any and all comments are appreciated.

    Cheers:
    DjM

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    I'm sure it works very well, but have you not considered a cheaper option (i.e. everything?)

    My old company used to use CIPE on some old Linux boxes, and abandoned it for a commercial alternative (Watchguard) which immediately broke and caused all sorts of problems.

    More expensive doesn't necessarily mean better quality. I'm not recommending CIPE here, just using it as an example. There are heaps of commercial options, all of which are probably cheaper than FW1. Unless you already have a lot of FW1 infrastructure, I'd recommend at least investigating the alternatives.

  3. #3
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    We used it for a while and it seemed to work well (we only had limited distribution). We are now using Cisco's VPN concentrator and client. The only reason we switched is because we also switched firewalls from FW1 to PIX.
    Work... Some days it's just not worth chewing through the restraints...

  4. #4
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by slarty
    Unless you already have a lot of FW1 infrastructure
    Thanks slarty, but we do in fact have a lot of Checkpoint infrastructure, that's why we are checking out VPN-1. That does not rule out the option of looking at other alternatives, but we are currently happy with the products and support we are getting from Checkpoint and would like to think this is a good solution.


    Cheers:
    DjM

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    DjM:

    first of all, check this link, u'll find that there's a lot of problem to communicate between CISCO & Checkpoint products.

    just go to CISCO eForum, search for " Checkpoint "
    there u are, many users with problems between Checkpoint VPN and CISCO PIX !!

    u can check this as well:

    from cisco site:

    http://www.cisco.com/warp/public/vpn/ttalk

    How compatible is your VPN router with a Checkpoint Firewall?
    Compatibility with Checkpoint VPN solutions has not been tested. Theoretically, they should be able to communicate using an IPsec Main Mode tunnel.


    but, if u asked me my opinion, then:

    i didn't try Checkpoint but as i've found out from searching the net and reading some Lab testings, Check Point is very much reserved for top-end, enterprise level networks, both in price and in the things it does.
    but since u started with Checkpoint, then it's better to continue with them .. although i prefer CISCO

    good luck

    bimmer

  6. #6
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    Maybe I was misunderstood. I was not suggesting he use FW1 VPN client to connect to a Cisco PIX. I firmly believe in keeping vendor stuff together. We were using FW1 VPN client with a FW1 firewall and it worked well. Even though we still have our FW1 firewall for VPN we are now using a Cisco 3030 VPN concentrator in parallel with the firewall and using the Cisco VPN client to connect to it. This setup also works very well.
    Work... Some days it's just not worth chewing through the restraints...

  7. #7
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by mmelby
    Maybe I was misunderstood. I was not suggesting he use FW1 VPN client to connect to a Cisco PIX. I firmly believe in keeping vendor stuff together. We were using FW1 VPN client with a FW1 firewall and it worked well. Even though we still have our FW1 firewall for VPN we are now using a Cisco 3030 VPN concentrator in parallel with the firewall and using the Cisco VPN client to connect to it. This setup also works very well.
    Well mmelby, you are likely in the best position to rate FW1's VPN. If you had to throw one of your VPN solutions out, which one would it be and why?

    In your opinion, what would you say is the biggest weakness in FW1's VPN solution?

    Which solution do your clients seem to prefer (user-friendliness)?

    Thanks for your comments mmelby.


    Cheers:
    DjM

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    I have TONS of experience with both Checkpoint and Cisco VPN's and could probably answer many questions you might have. Although I am not going to just ramble on about either product, I can tell you that you will be very happy with the VPN-1 if you are already familiar with Checkpoint Firewalls. IMHO Checkpoint has the best overall VPN product on the market.

    Let me know specifically what you would like to know and I will gladly help.

  9. #9
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by iNViCTuS
    I have TONS of experience with both Checkpoint and Cisco VPN's and could probably answer many questions you might have. Although I am not going to just ramble on about either product, I can tell you that you will be very happy with the VPN-1 if you are already familiar with Checkpoint Firewalls. IMHO Checkpoint has the best overall VPN product on the market.

    Let me know specifically what you would like to know and I will gladly help.
    Thanks iNViCTuS, I have been told that (now I know I am going to screw this up) VPN-1 has a "dual" tunnel feature with a 'firewall' between them. With this feature, a user could be out surfing the net through one tunnel and VPN'ed into our network with the other tunnel. The 'firewall' prevents anything from the internet tunnel from getting to the VPN tunnel.

    1) Is this true?
    2) Have you tested it?

    Cheers:
    DjM

  10. #10
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    DjM, I think both solutions are secure. On FW1 we were running an older version (4.x I think) and it did not have the dual tunnel capability that you mention. I do not know if the new version has this. The change to Cisco was somewhat political as we are a Cisco shop in all our other network equipment.

    I do think that our current solution of separating the firewall from the VPN is more scalable as our Internet usage and VPN connectivity (both client and site to site) are increasing rapidly. We are adding 3 more T1's to take the increase. I also like the fact that we can "brand" and preconfigure the Cisco VPN client. It makes installation and support much easier.
    Work... Some days it's just not worth chewing through the restraints...
