cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Javad_Nicou
Nickel

Appliance or VSEC VE

Hi ,

I have openserver firewall (R60) and would like to upgrade to R80.10 . the current firewall is internet facing firewall and I would like to enable NGTX blades and web filtering as well .

I unable to use #cpsizeme script because of old version of OS and open-server environment .I also have VSEC VE license which I can use it for this deployment but I would like to choose the right product ( Appliance or VSEC VE ) for this deployment .

400 users (end-point )

5 site to site VPN

15 NATS

15 connected network 

Could you help  me to choose right product .

Thanks in advance for your help .

Tags (3)
0 Kudos
7 Replies
Admin
Admin

Re: Appliance or VSEC VE

What's the throughout of your Internet connection?

That's probably going to be your limiting factor.

Your existing Open Server license can be traded in for whatever option you choose.

What SKU is your VE license? This may also need to be traded in depending on the vintage.

0 Kudos
Javad_Nicou
Nickel

Re: Appliance or VSEC VE

Hi Mate ,

Internet Connection : 300 Mbs 

What do you recommend VE or appliance ? what model of appliance ?

We purchased the VE last week for different scope but I can use it for this priority project .

Cheers ,

Javad

0 Kudos
Highlighted
Admin
Admin

Re: Appliance or VSEC VE

Assuming it's a perimeter gateway, I would go with an appliance to provide protection for your VM farm.

Based on the limited information you provided, the minimum appliance I would go with is a 5600, which does give you some room to grow.

If you have specific interface requirements, or there are significant internal traffic flows through this gateway, that might change the appliance recommendation. 

If you're going to go with VE (what we now call CloudGuard IaaS, or more recently vSEC), I would opt for a 4 core VM, which also gives some room to grow.

Again, if there are significant internal traffic flows through this gateway, that might change this recommendation.

You may also want to consider acquiring both options.

Of course, you should run all of the above (with more detail about your environment) by your Check Point SE, who should be able to provide a more precise recommendation.

Re: Appliance or VSEC VE

I think the best thing to do is to use the CP Appliance Sizing Tool

Three further points to ponder:

- i would go for HA Clustering the GW appliances

- i would use appliances with two PSUs each

- i would use a virtualized (VM) SMS

Re: Appliance or VSEC VE

Keep in mind. There is no sane upgrade path from R60 to R80.10.

It is faster to take the network drawing and build a new policy.

Re: Appliance or VSEC VE

I love it -"sane"... IE: not in your right mind, nor in this physical or ethereal realm.

Alan Stanwyck: "If you reject the proposition, you keep the thousand – and your mouth shut."
Fletch: "Does this proposition entail my dressing up as Little Bo Peep?"
Alan Stanwyck: "It’s nothing of a sexual nature, I assure you."
Fletch: "Yeah, I assure you."
Alan Stanwyck: "One thousand just to listen. I don’t see how you can pass that up, Mister…?"
Fletch: "Nugent. Ted Nugent."
0 Kudos
Admin
Admin

Re: Appliance or VSEC VE

Just to prove the point, here's what the Upgrade Wizard says:

This does not include the steps to get to R65, which I think you can do from R60, but that's merely a guess.