Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Javad_Nicou
Contributor

Appliance or VSEC VE

Hi ,

I have openserver firewall (R60) and would like to upgrade to R80.10 . the current firewall is internet facing firewall and I would like to enable NGTX blades and web filtering as well .

I unable to use #cpsizeme script because of old version of OS and open-server environment .I also have VSEC VE license which I can use it for this deployment but I would like to choose the right product ( Appliance or VSEC VE ) for this deployment .

400 users (end-point )

5 site to site VPN

15 NATS

15 connected network 

Could you help  me to choose right product .

Thanks in advance for your help .

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

What's the throughout of your Internet connection?

That's probably going to be your limiting factor.

Your existing Open Server license can be traded in for whatever option you choose.

What SKU is your VE license? This may also need to be traded in depending on the vintage.

0 Kudos
Javad_Nicou
Contributor

Hi Mate ,

Internet Connection : 300 Mbs 

What do you recommend VE or appliance ? what model of appliance ?

We purchased the VE last week for different scope but I can use it for this priority project .

Cheers ,

Javad

0 Kudos
PhoneBoy
Admin
Admin

Assuming it's a perimeter gateway, I would go with an appliance to provide protection for your VM farm.

Based on the limited information you provided, the minimum appliance I would go with is a 5600, which does give you some room to grow.

If you have specific interface requirements, or there are significant internal traffic flows through this gateway, that might change the appliance recommendation. 

If you're going to go with VE (what we now call CloudGuard IaaS, or more recently vSEC), I would opt for a 4 core VM, which also gives some room to grow.

Again, if there are significant internal traffic flows through this gateway, that might change this recommendation.

You may also want to consider acquiring both options.

Of course, you should run all of the above (with more detail about your environment) by your Check Point SE, who should be able to provide a more precise recommendation.

G_W_Albrecht
Legend Legend
Legend

I think the best thing to do is to use the CP Appliance Sizing Tool

Three further points to ponder:

- i would go for HA Clustering the GW appliances

- i would use appliances with two PSUs each

- i would use a virtualized (VM) SMS

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Hugo_vd_Kooij
Advisor

Keep in mind. There is no sane upgrade path from R60 to R80.10.

It is faster to take the network drawing and build a new policy.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Lloyd_Barnett
Contributor

I love it -"sane"... IE: not in your right mind, nor in this physical or ethereal realm.

Alan Stanwyck: "If you reject the proposition, you keep the thousand – and your mouth shut."
Fletch: "Does this proposition entail my dressing up as Little Bo Peep?"
Alan Stanwyck: "It’s nothing of a sexual nature, I assure you."
Fletch: "Yeah, I assure you."
Alan Stanwyck: "One thousand just to listen. I don’t see how you can pass that up, Mister…?"
Fletch: "Nugent. Ted Nugent."
0 Kudos
PhoneBoy
Admin
Admin

Just to prove the point, here's what the Upgrade Wizard says:

This does not include the steps to get to R65, which I think you can do from R60, but that's merely a guess.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events