This may end up being a case for "Be careful what you wish for". Do you truly want/need SSL terminations on the gateway? There are plenty of other good products out there that do it and would do it better than Check Point. Juniper, Citrix, F5...etc. You also have that single point of failure to deal with (I know the SSL won't work if the gateway is down). And then there's that whole Defense in Depth thought, maintaining that you have separate vendors guarding the perimeter.
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Cassell, Damon Z. Sent: Thursday, March 08, 2007 10:15 AM To: [email protected] Subject: Re: [FW-1] R60 with HFA or upgrade to NGX R62? I also have been wishing for a long time that Checkpoint would offer SSL termination on gateways. Hope this comes through. I have also had to fall back on Microsoft ISA for SSL termination. Damon Cassell -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray Sent: Wednesday, March 07, 2007 6:31 PM To: [email protected] Subject: Re: [FW-1] R60 with HFA or upgrade to NGX R62? >SSL termination requires CPU power. And usually a lot of it. So I am rather >cautious here. I always thought that the lack of SSL termination is one of the biggest holes in FW-1 there could be. I stuck in a Microsoft ISA server behind FW-1 and one of the reasons was that it does SSL termination. I think there's a VPN Accelerator card now that supports SSL, which would also help Visitor Mode performance. Ray _________________________________________________________________ Mortgage rates as low as 4.625% - Refinance $150,000 loan for $579 a month. Intro*Terms https://www2.nextag.com/goto.jsp?product=100000035&url=%2fst.jsp&tm=y&s earch=mortgage_text_links_88_h27f6&disc=y&vers=743&s=4056&p=5117 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
