This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sam2
Contributor
‎2023-05-04 10:09 AM
Jump to solution

Exploring the idea of moving away from CP HW to Open Server or VMs

Hi All,

I was asked to looking into cost saving opportunities and I'm curious about the idea of either plugging into our server farms and running the firewalls as VMs, or buying open servers to run as appliances where it makes sense.

Has anyone done a similar exercise? Any lessons learned?

From my research online it looks like you can get more bang for you buck with and Open Server, but you lose the convenience that comes with having premium support for RMA.

Thanks!

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-05-04 12:41 PM
Jump to solution

For gateways, it really depends on what assets you're protecting, where they are hosted, and the performance requirements as to whether you should use a VM, Open Server (Hardware), or a Check Point appliance.

In general, Open Server gateways (also applies to VMs):

  • Must be licensed for the number of processor cores you want to use
  • For Open Server hardware, we only guarantee support for three years
  • Have a higher support cost

Also, some features are only supported on Check Point appliances (e.g. Hyperflow in R81.20, Dynamic Balancing in R81+).

View solution in original post

4 Replies
the_rock
Legend
Legend
‎2023-05-04 10:19 AM
Jump to solution

Thats honestly the biggest downside, you definitely would lose that convenience. I know lots of clients who run CP on open servers and they are pretty happy with it. In my experience, they dont break often, so you would probably be fine.

0 Kudos
G_W_Albrecht
Legend
Legend
‎2023-05-04 10:36 AM
Jump to solution

It just depends. Running the SMS as a VM is a best practice i.m.h.o. GW VMs are often used for central sites and Service Providers but need redundant HW and backups. Clustering Open Server is a mixed thing - if 1 node is broken, getting the same HW again may be between p.i.t.a. to unavailable anymore. If VPN to a lot of own remote sites is needed, CP HW & RMA can be the best solution.

CCSE CCTE CCSM SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-04 12:41 PM
Jump to solution

For gateways, it really depends on what assets you're protecting, where they are hosted, and the performance requirements as to whether you should use a VM, Open Server (Hardware), or a Check Point appliance.

In general, Open Server gateways (also applies to VMs):

  • Must be licensed for the number of processor cores you want to use
  • For Open Server hardware, we only guarantee support for three years
  • Have a higher support cost

Also, some features are only supported on Check Point appliances (e.g. Hyperflow in R81.20, Dynamic Balancing in R81+).

AmitShmuel
Employee
Employee
‎2023-05-06 06:01 AM
In response to PhoneBoy
Jump to solution

R80.40+ for Dynamic Balancing 🙂

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events