September 8th, 2006, 09:09 AM
Let's go shopping: Nokia Firewalls
Hi, I'm going to buy a Nokia Firewall. Actually, I'm planning to buy two of them so I can build some kind of high availability cluster. My candidates are IP260 or IP265 or, if the budget allows it, IP390. What I've been seeing is that the main difference between 260 and 265 is that 260 has an HDD and 265 doesn't. The 390 can be configured with or without HDD as well. I'm coming from an old Nokia IP110 that did have HDD. What I can't imagine is what a diskless configuration is useful for, I mean, since the diskless (flash memory based) configurations have much less space available I guess you should use an external machine in order to be able to collect the logs and other stuff? As you can see I'm pretty lost on that one so I will appreciate any comment about it.
Thank you all.
September 8th, 2006, 10:51 AM
Actually, the firewall on a Nokia is Checkpoint/FW1. You can use the Checkpoint management software to collect the logs, manage rules etc.
Nokia just makes the hardware and the OS (IPSO) to run Checkpoint (firewall) or ISS RealSecure (IDS).
Experience is something you don't get until just after you need it.
September 8th, 2006, 11:02 AM
Yes, I know, as I said I've been dealing with an IP110 Nokia Firewall until now. It had its own HDD so everything was stored in the firewall.
Actually, the firewall on a Nokia is Checkpoint/FW1.
What I'm wondering now is how it works in a diskless configuration and what's best.
September 8th, 2006, 02:54 PM
We've used Nokia firewalls for a few years now (quite a few of them). Go for the flash if you can afford it, we've had semi-frequent issues with the hdd crashing. While we've been fairly content with them, the one thing that we have noticed over the last couple of years is a serious decline in support/development of its OS (IPSO) and a complete failure to stay up on newer hardware (We have 350's and 1440's and 380's)...if you strip open a 350 it's a PIII limited to 512 MB of memory...It may not matter if you are running a smaller office; however, we've had frequent problems with the connection count ceiling being reached (the maximum # of connections held by the state-table in Checkpoint, with any new connections beyond that limit being dropped as a form of DoS protection) and are limited from increasing the limit on connections higher not by Checkpoint but by physical memory limitations. On a more positive note, when we made the original decision a few years ago, there wasn't as big of a gap in performance and we were lured by Nokia offering Clustering/HA for free (versus paying for it with Checkpoint's ClusterXL). So if you are looking at playing with Clustering and HA, it might be a decent choice for you, but if you compare what a Nokia costs + the Checkpoint license, versus a generic server running SPLAT with ClusterXL, I think you'll find that the performance and price are better with the generic server...
We've been looking into switching out our firewalls with a generic server (with no processor/memory limitations, or at least not any that would cause us performance issues) and running Checkpoint's SPLAT. So far the results, using Sun's Xfire series with AMD Opteron chips (they can start at as little as $750) have been stellar and are quite a bit cheaper than using the Nokias (don't forget, you are still going to have to pay for the Checkpoint license if that is your intention, and they aren't cheap).
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
September 8th, 2006, 09:52 PM
How much does it cost for IP 390? I've been using a very old Nokia firewall IP 330 and I've installed m0n0wall in it, it's been running ok for the past 6 months (this firewall is protecting my 31 websites and mail server).
September 14th, 2006, 09:08 AM
I understand that, but then you lose a lot of memory volume (1 GB flash vs 40 GB hdd).
Go for the flash if you can afford it, we've had semi-frequent issues with the hdd crashing
I still don't have a formal budget but you can check it out in Froogle so you can have some prices...
How much does it cost for IP 390