Well, the point of my post wasn't to bash Checkpoint for their policies. I just mentioned that it was difficult to get things working without any support or documentation.
I asked a fairly simple question (which unfortunately wasn't answered): Will CPNG VPNs fail if the license isn't assigned to the external IP but to an internal interface instead ? I know that central licensing would make this question moot, but again, I don't have full control over this FW, and didn't set it up. Plus, it's a single gateway setup, and I don't know if CPNG supports that style of licensing w/o an enterprise license and separate mgmt station (I believe it requires this, but again, no access to current documentation). I could probably get this particular info elsewhere, but it's sort of moot now (see below).
Your point about someone having to pay for the support is obvious. In this case the customer who bought Checkpoint is paying for the support, although in this case they don't have the time/expertise to administrate the FW, and are unable/unwilling to add my user center account to their contract so I can access the support (if this is even possible, which I presume it is).
Providing or not providing worthwhile support (even current product documentation) to the public (people without a contract) is Checkpoint's prerogative. Market forces will determine whether this is a good policy or not.
In this case, the VPN had to be brought up quickly. After banging my head on a not very well installed/set-up CPNG installation, and not having access to support/documentation, or time/authority to do a complete reinstall on this production firewall, and not getting any answers to my specific problem in this and other forums, or on Phoneboy, I gave up on it.
I put a Cisco router in place and had the VPN up in a matter of minutes. In this particular case, I don't think Checkpoint's policies were good for them as a company, since lack of information/support forced me to go to another vendor. Capitolism/market forces at work.
What's worse is that I'm pretty experienced with CP FW-1, having worked with it since FW-1 3.0b in 1995 or so. I can't say I've had as much experience with CPNG, however, since I didn't adopt it immediatly when first released. By the time I judged it mature enough to use, I was at a different job which didn't use Checkpoint. I was sort of hoping that by now, CP would have put in some code to make FW/VPN-1 a bit less 'finicky' about things like the IP of the FW object, licensing, etc, but alas, it seems they haven't.
- Jim
Edwin Davidson wrote:
having access to the 'real' CP KB, or any CPNG docs didn't help much either (Can't believe CP doesn't even let you download docs w/o a contract).
Suprised CP doesn't do something to resolve issues like this. It'd make life easier on people who have to support their product, and likely significantly reduce their tech support call volume.
- Jim
Nothing is free. Someone is paying. So you want those of us who pay for access/support/maintenance to cover the cost of free access for those who don't pay? Maybe if Checkpoint were based in a socialist or communist country the would provide this. I'm personally glad that they are not.
Check out phoneboy.com for free *support* on Checkpoint FW1.
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
