Hi Alex, In my opinion, the standalone option should rarely, if ever be used. Historically Checkpoint used to sell two different licenses: standalone and distributed. The distributed used to be more expensive and therefore, most small to medium sized companies went for the standalone option. These days however, the license is the same, therefore, I would always go for a distributed environment due to its many advantages: 1) As Ray mentioned, you have two separate platforms, therefore if the management goes down, the firewall will still be operating. 2) Having two platforms means you can have a windows server as a Management server while the firewall can be any platform of your choice (hopefully not windows!). This allows for ease of use and manageability since most organisations are familiar with windows and backing it up etc. 3) Again, as Ray mentioned, having two servers can offload all unnecessary tasks from the firewall therefore allowing the firewall to be more responsive. 4) A very important advantage of distributed is to be able to manage more than one firewall from a single Management Station. i.e. you will have only one management station (reduced cost by having only one machine and also the license cost will be cheaper) and as many firewalls as you want (only limited by the license type). In our case we have several firewall modules in many locations around the world and one single management station. We only need to backup this single management station since all the rules and databases are on it. With Standalone, each firewall needs its own management station on the same machine - a nightmare.
The only time you would use standalone is when you have an internal firewall (i.e. not your perimeter firewall) and want to manage it separately from all the other firewalls and do not want to have to use two different hardware machines. Even then, I think it is wiser to invest a little more in hardware. Hope this helps you with your decision. Regards, Girard Moussa Technology Security Analyst -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Alexander Simbun Sent: Saturday, 27 November 2004 2:51 PM To: [EMAIL PROTECTED] Subject: [FW-1] Deployement type Hi, Just a general question about firewall deployment, what are advantages between standalone and distributed deployment for a firewall in a network? Regards, Alex Simbun ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
