Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Aaron_Sherrick
Explorer

WatchGuard firewall vs Checkpoint

Okay, so I need some help here.  We're a Checkpoint house, but we absorbed a company who's running a WatchGuard M5600.  We're looking to get rid of it naturally and replace with something else, but the WatchGuard has a proclaimed firewall throughput of like 60Gbps so they're freaking out that we're trying to spec a "lower" speed Checkpoint.  

That 60Gbps seems highly suspicious to me, especially for such a low price (~52K on CDW).  Does anyone have any insights about the validity of their claim, or are they really just that good?  I'm suspecting BS, but would love to have some real data to take back to the brand.  Any insights would be appreciated.

0 Kudos
4 Replies
Maarten_Sjouw
Champion
Champion

I would say a much more appropriate question would be, how much traffic is it really handling. Based on that you should be able to size a CP appliance.

Regards, Maarten
0 Kudos
Mark_Mitchell
Advisor

Hi Aaron,

Just be careful when comparing. Firstly when coming up with a specification, always try to obtain the "real" throughput of the environment. You may find a 100Mbps circuit but in reality may be only touching 50 at peak. In which case you could possibly spec lower than the equivalent firewall your replacing. 

Also the stats that you are referring to, is this raw firewall throughput with no threat prevention, no matter, etc? I've seen vendor spec sheets before and a lot of them will be stripped back for the purpose of the spec sheet, so no NAT, no Https inspection etc. 

In addition what level of protection would you want from the Check Point? Which blades would you plan on using? As these will all be factors when considering which appliance to go for. 

Regards

Mark 

0 Kudos
Aaron_Sherrick
Explorer

Everything you're saying is completely correct--we need to measure actual throughput and let that dictate our appliance choice.  We'll also be using our Checkpoint differently--the brand uses the WatchGuard as a core switch as well (also DHCP); we'd bring in a nice Cisco for the core and move the Checkpoint to the edge, which will lower its throughput considerably.  I am mostly just looking to overcome the user perception: 60Gbps vs xGbps for the Checkpoint appliance so if I can explain the reality to my leadership and to the brand.  

Thanks for your input!

0 Kudos
Mark_Mitchell
Advisor

Just found the below statement in relation to the WatchGuard.

"WatchGuard Firebox M5600 provides firewall speeds up to 60 Gbps and UTM security features at up to 11 Gbps while delivering enterprise-level network security services, including IPS and Advanced Malware detection."

Regards

Mark

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events