Just to add something else... I'm no fan of UTM-1 appliances just because a big advantage of Check Point over appliance-based firewalls, is precisely the fact that in case of hardware failure, you can get almost any open server, install SPLAT on it and have your firewall up and running again in a matter of minutes , which you can still achieve having a Nokia or Solaris box in production because the licenses used on any of those deployments are the same, but in the case of a UTM-1, the licensing works different and you can't use a UTM-1 license on a regular VPN-1 UTM (over any platform) installation, which for me is the same as having any other appliance. If hardware failure comes up and you don't have a spare box.... be prepared to wait for another box to arrive.
Maybe in the US and other countries, you can pay to get a support contract that guarantees a replacement in a matter of hours or at least NBD (which are anyway expensive), but in my country as in most Latin America (I believe), waiting for a new box to arrive could take two weeks. Regards On 9/26/07, Alan Choyna <[EMAIL PROTECTED]> wrote: > > Another benefit with SPLAT is that since you can spec your own > hardware, you can implement as many ethernet ports as you wish (and > your supported hardware can provide). > > We use 10 interfaces on our HP DL380 G4's, and could add more if required. > > Al > > At 07:04 AM 9/26/2007, Cassell, Damon Z. wrote: > >The most obvious difference between Splat and UTM-1 is that you spec > >and select the hardware that you want to use with Splat. With UTM-1 you > >are using Checkpoint's box. Which, if you open it up, is cheap > >commodity PC hardware anyways, nothing special. > > > >On the other hand, the UTM-1 includes an unlimited user license with > >the box. With Splat, you have to buy your hardware from your hardware > >vendor and a Checkpoint license from your Checkpoint vendor. This can > >make Splat more expensive. > > > >If you are a small or medium sized shop, the UTM-1 isn't a bad choice. > >If you are a shop that already has an investment in a server platform > >(HP, Dell, IBM) and you are really looking closely at performance, > >availability and reliability, then in my opinion Splat is the way to > >go. Just pay attention to the Splat hardware matrix and be sure you > >select a supported server config. Splat can be picky about things like > >RAID controllers. > > > >In terms of HA, they are the same. > > > >Damon > > > > > > > >-----Original Message----- > >From: Mailing list for discussion of Firewall-1 > >[mailto:[EMAIL PROTECTED] On Behalf Of > >RaymondN > >Sent: Tuesday, September 25, 2007 6:42 PM > >To: [email protected] > >Subject: [FW-1] Secure Platform vs UTM-1 > > > >Hi there, > > > >We have been using Nokia Checkpoint firewall solution (w/ Windows > >mgmt server) for many years. We are thinking to buy one new pair of > >firewall enforcement points, and I want some inputs for Secure > >Platform (Splat) vs UTM-1 solutions. We don't use VPN functions at > >all. Just firewalling. If anyone willing to share their inputs > >(pros and cons) between these two options, I would > >appreciate. Thanks in advance. > > > >-raymond > > > >p.s. > >I assume in terms of HA (sync, failover, etc.) both these solutions > >are the same, right? thx. > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
