Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
SantiagoPlatero
Collaborator

Open Server to Appliance (critical) migration

Hi all, I'm sorry cause I know this has been asked (and answered) before, I don't want you to think I distrust the answers of the community, but I'm not have in fact a 100% confidence on my local SE to do a good job with this.

I need to replace our main gateway, which is a Dell R710 but licensed to only 2 cores. I have all blades enabled (with the exception of DLP), at least 10 S2S VPN  and as I said above, this is a highly critical piece of our infrastructure. The main reason to do the migration is economical, as the annual renewal for Open Servers is, by far, more expensive than the renewals for Appliances.

I know CPSizeMe is not compatible with Open Servers, so I'm in a situation I don't have any other choice to hope my local SE does a good sizing job and achieve to recommends me the right Appliance.

Sooo, the question remains: is there any, ANY, way I could use some sizing tool (rather than CPView or such) or document that allow me to do a sizing and to have a nice sleep at night when the moment comes to do the purchase?

And, if the answer remains the same (there isn't and I should trust to my local SE), why is that? This question is more like a constructive criticism, I know some vendors used the Sizing Tools that Check Point have to take advantage, but I really don't believe that would be a valid reason to leave us, the customers and the companies that religiously pays for contract support, to the hand of fate and lucky.

Maybe you Check Point guys could write some SK that give us directions to do the sizing manually (if it's not already)?

Thanks and, again, sorry Smiley Happy

12 Replies
_Val_
Admin
Admin

No need to be sorry.

There is a Appliance Sizing tool which is available for Check Point SEs and partners:



You need to ask for some assistance, while providing the basic info about your traffic, to get a list of recommended appliances.

Should be VERY easy to do over the phone

SantiagoPlatero
Collaborator

Thanks a lot Valeri!

You guys don't have any plans to have the tool available for customers?

0 Kudos
_Val_
Admin
Admin

no, it is a sales tool

0 Kudos
Timothy_Hall
Legend Legend
Legend

Your Dell R710 has a Xeon X5660 processor with a CPUmark score of 7618 per core (and you are using 2 cores), while the 5600 has 4 processors with a CPUmark of 7021 each.  The 5600 model also supports AES-NI for speeding up your VPNs.  Given the limited information I'd guess a 5600 would be sufficient.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
_Val_
Admin
Admin

After chatting with local SEs, I believe 5600 is an overkill here.

0 Kudos
Jerry
Mentor
Mentor

I do not think Valeri that 5600's are overkill here and ultimately 5200 would do good here, all depends but a gap between 5200 and 5600 is massive you know that Smiley Happy 

Jerry
0 Kudos
_Val_
Admin
Admin

That's because you do not have the full picture, which is normal. I do have some more background now.

Do not get he wrong, we will be happy to sell more expensive boxes to Santiago, if this is what he wants 🙂 

0 Kudos
Jerry
Mentor
Mentor

fair enough, you know the drill Smiley Happy

Cheers

Jerry
0 Kudos
SantiagoPlatero
Collaborator

And I would be very happy to buy em, but you'll have to come here to talk down my boss first and the board then to let go some dollars

Like in almost any company, the infosec investment is perceived as an expensive cost with no revenue... Until they have a major security breach. I could sell the NGTX licenses here when the WannaCry outbreak happened, and when the stakeholders could confirm how much cost the incident, in millions of dollars, to a competitor.

Hope Valeri you didn't fully share my cautions with my local SE, it wasn't my intent to offend or diminish anyone here. But like I said above, if the appliance is an overkill or falls short, my head would be on the line here.

Thanks for the help guys!

_Val_
Admin
Admin

Santiago, this is an open forum. Your SEs have the same level of access to this post as you and I. I could not exactly hide this thread from them, you know 🙂

No harm done, but I advise you to take your SE recommendation for its value. This is, by the end of the story, an official Check Point word concerning your needs. If you do want 5600, this is what you get, just talk to local guys.

0 Kudos
SantiagoPlatero
Collaborator

Oh Valeri, please don't get my wrong, it wasn't my intent to be a criticism or complain to you or anyone around here, not at all. And that's why in my op at first I tried to clarify I don't distrust the community at all and asked for sorry because my post could "push any button" (in the community and the local CP guys here). 

But like I said above, is not trivial for the company that employees me the money they spend on security infrastructure, so I tried to take all the cautions and due diligence that have at my reach to allow me to suggest the best solution available to my bosses and stakeholders here.

No harm, no foul Smiley Happy

_Val_
Admin
Admin

Santiago Platero‌, I can assure you that you are in good hands. Your SE should contact you to help you out. We have got your back, do not worry

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events