This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cdooer
Participant
‎2021-03-09 11:11 AM

Question about virtual licensing

Hi there. We've been looking into buying some new appliances, and splitting them up into virtual firewalls. As far as licensing/subscriptions are concerned, are there any cost benefits to doing it this way, rather than just buying new pairs of appliances? In several of our data centers, we've got 5 or 6 pairs of gateways performing important security duties, but they are severely underutilized. Wondering if it would be more cost effective to roll all of these into a pair of larger pair of appliances, and split them out using the virtual technology. The yearly subscription costs are quite high.

0 Kudos
4 Replies
the_rock
Legend
Legend
‎2021-03-09 11:42 AM

Interesting thought, but not sure licensing works like that...you could confirm with account services.

Andy

0 Kudos
Vincent_Bacher
Advisor
‎2021-03-09 11:54 AM
In response to the_rock

As Andy already mentioned,  this should be calculated and compared. 

If you buy separated appliances,  you purchase license ans subscription for all required blades  and support for every appliance.

When using VSX you need bigger hardware to cover all systems and in addition a virtual systems package. 

I never cared about costs so account services is best address to calculate the best option for your needs.

and now to something completely different
0 Kudos
Bob_Zimmerman
Leader
Leader
‎2021-03-09 12:13 PM

The big downside to doing this with VSX is it isn't really virtual in any meaningful sense. All VSs share the same version, the same OS, the same hard drive or SSD, and so on. If the box has a problem, all of the contexts on it also have a problem. It greatly increases the impact domain of failures or maintenance. I have seen some environments still running R67 (end of support before 2014) because they can't get everybody using the firewall to agree to a change window long enough to upgrade.

Edited to add: VSX on a larger box is definitely vastly less expensive than a bunch of separate smaller boxes, though. As long as you're okay with the larger potential impact, it can save ridiculously huge amounts of money. I've got a VSX pair right now running ~$300k worth of licenses on $45k worth of open servers. Replacing those boxes with non-VSX appliances would cost a minimum of $4M, just due to all the different routing tables.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-03-09 02:14 PM

The answer is: it depends.
In some cases, you may want to combine using VSX, in other cases: not.
If you have gateways with different tolerances/requirements for downtime and such, you may want to keep those separate. 

0 Kudos