What OS for checkpoint?

[Sgt_B]

Right now we're running Checkpoint 4.1 under Windows NT. I was wondering what the benefits would be to running it on a different OS. I'm a total newb to any *nix system (I just installed FreeBSD for the first time today). So what would the benefits or drawbacks be for installing checkpoint (or any other FW software for that matter) on an OS other than Windows?
Thanks!

[bombayofpigs]

nt bad...

if you are running 4.1 on nokia i would recommend solaris. otherwise you better make sure nt is stripped/locked down.

[droby10]

if you are running 4.1 on nokia i would recommend solaris.

i thought the nokia boxes ran ipso?

one advantage is that in cases where the firewall has to be configured to allow for transmissions to meet a certain functionality, the underlying os is vulnerable. for instance if you were running IIS on the same host as the firewall (why anyone would do this is beyond me)...allowed for inbound http connections and subsequent traffic...this is not a debate on security factors of IIS vs. apache - but you get the point.

another is performance - the network throughput of a nokia box over a pc or sun server is unmatched. similarly, (depending on the specs of the boxes) i would estimate the same gain in performance of a sun server over a pc server. - so choice of OS in the case of FW1, usually indicates hardware differences as well.

a drawback might be an unfamiliarity with both the security features of the chosen OS, as well as the particulars differences in management interface for FW1.

[iNViCTuS]

Yes...Nokia boxes do run IPSO which is really a hardened version of FreeBSD.

But back to he original question...If you are running Checkpoint on NT, I am sure you are astonished by the amazing performance, especially in the logviewer (JOKE). Nokia for Checkpoint will pretty much resolve these issues, and if you have separate management and logging, go with Solaris.

However, by far the est performance you will get out of Checkpoint is by running it on RedHat Linux. And it is definately cheaper than a Sun box. Also, don't worry about it being difficult. Especially with Nokia, you don't really even need to know unix, because everything is configured through a web interface, with the exception of the cpconfig which is easy)

[Sgt_B]

Hey thanks for all the help. I might end up putting it on a RH Linux box. I've been messing around with that a while now. At any rate, its the only solution that doesn't cost any money, and I doubt I'd get the approval for anything else.

Thanks again for all the help.