|
Posted by K on July 28, 2006, 9:24 am
If you were Registered and logged in, you could reply and use other advanced thread options
Does anyone use SmartDefense for CheckPoint?
What exactly does it offer, and would you say it is worth it?
We are replacing our Nokia box and upgrading CheckPoint etc., so are giving
the addition of SD some consideration.
Thanks
|
|
Posted by optikl on July 28, 2006, 9:39 am
If you were Registered and logged in, you could reply and use other advanced thread options
K wrote:
> Does anyone use SmartDefense for CheckPoint?
>
> What exactly does it offer, and would you say it is worth it?
>
> We are replacing our Nokia box and upgrading CheckPoint etc., so are giving
> the addition of SD some consideration.
>
> Thanks
>
>
It offers pre-defined configuration options for DoS, TCP, FTP, HTTP, IP,
ICMP, etc., etc. Some of them work well, others are a bit buggy and I
wouldn't enable them, personally. The problem with CheckPoint is their
software is developed by SofaWare, a CheckPoint company, which I think
is one of those over-stretched, poorly staffed organizations. This is
reflected in the quality of the product released for production.
Probably doesn't help that the company is located in war-torn Israel,
where the ability to recruit the best talent is sorely limited.
|
|
Posted by Dataway on July 28, 2006, 3:52 pm
If you were Registered and logged in, you could reply and use other advanced thread options
I work for Dataway, Inc. We are a Check Point Gold Partner, and we
have hundreds of Check Point installations worldwide. We could
definitely help you with this, and would be happy to provide advice.
We could also arrange for an eval of SD, as one of the other
respondents suggested. Dataway has proprietary builds on Red Hat Linux
Enterprise for Check Point that are hardened and also include some
scripts that we have developed over the years to ease the
administration of Check Point firewalls. We have so many firewalls
under management that we had no choice but to improve the
administration so we could keep up! This has certainly benefitted our
customers as well.
Please feel free to give me a call at 415.659.1720 if you would like
our assistance.
Best Regards,
Jason
K wrote:
> Does anyone use SmartDefense for CheckPoint?
>
> What exactly does it offer, and would you say it is worth it?
>
> We are replacing our Nokia box and upgrading CheckPoint etc., so are giving
> the addition of SD some consideration.
>
> Thanks
|
|
Posted by R on August 17, 2006, 9:00 pm
If you were Registered and logged in, you could reply and use other advanced thread options
logs after you enable a protection in case it has unexpected consequences.
For example, the Aventail older SSL VPN client gets picked up as an SSL
exploit, because it's defective.
Best practice is to make a database revision backup right before you update
the SmartDefense defs, push the policy, update and push again. If the update
has any problems, you can rollback to the revision, which will restore all
of the old SmartDefense defs.
Ray
> Does anyone use SmartDefense for CheckPoint?
>
> What exactly does it offer, and would you say it is worth it?
>
> We are replacing our Nokia box and upgrading CheckPoint etc., so are
> giving the addition of SD some consideration.
>
> Thanks
>
|
| Similar Threads | Posted | | Re: CheckPoint SmartDefense and SMTP | August 28, 2007, 9:01 pm |
| Checkpoint - Deny traceroute through checkpoint firewall | August 10, 2004, 3:27 pm |
| Checkpoint - NAT Help | February 7, 2005, 8:00 am |
| checkpoint | March 17, 2005, 5:12 pm |
| checkpoint fp1 +ike | October 25, 2005, 12:08 am |
| CheckPoint help on | September 15, 2006, 2:37 pm |
| Checkpoint QoS | October 24, 2006, 3:29 pm |
| PIX to checkpoint VPN | August 14, 2007, 1:08 pm |
| checkpoint and static nat | August 3, 2004, 5:19 pm |
| Checkpoint and Cisco 501 | August 29, 2004, 10:47 am |
|
XML site map