Thats one expensive network card :)
Greg
But yet, there is some "magic" presented... Some "yes, but this is
'Checkpoint'" and people foot the bill. I mean, I know checkpoint is a good
product, but the last engagement I was at for a power company required the
client to get an additional network card for some Nokia/checkpoint box and
it cost them $25,000. Yes, Twenty-Five-Thousand dollars to add another
network segment to the box. There was obviously some other mojo involved
with some license to do something, but I've got to say-- sometimes I think
some of these guys are going straight to hell for the earthly raping of
their fellow man - or am I missing something? That goes beyond rape,
actually... That's getting it right in the neck. Where is the
justification?
t
On 8/24/06 5:30 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:
Not impossible at all. I've been heads down in the lic'ing fees Netscreen, Blue Coat and Cisco charge, and all I can say is "one is born every minute" to go with one of those solutions if the ISA firewall provides the customer's required functionality, and at a fraction of the price.
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland Sent: Thursday, August 24, 2006 7:24 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: OT: Checkpoint HTTPS Termination
jeepers! and i thought saving one of my clients 7.5k for 700 users with a customised ASP solution instead of GFI archiving was impressive, but 50k thats unpossible.
Greg
----- Original Message ----- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> To: <isapros@xxxxxxxxxxxxx> Sent: Friday, August 25, 2006 10:17 AM Subject: [isapros] Re: OT: Checkpoint HTTPS Termination
Hey, it's only $50,000 for 500 users. How can you callthat "gouging?" :\<tshinder@xxxxxxxxxxx> spoketh to
ISA, here we come.
t
On 8/24/06 4:45 PM, "Thomas W Shinder"initiation ifall:
Tim,
Reviewing my compete doc, you can have SSL termination andsap customeryou introduce Connectra. CP is famous for gouging the poorlayer inspection.is additional lic'ing fees for every basic applicationlicense theirIn order to get some Web proxy capabilities, you need tocannot confim"Web Intelligence" product.
If you find out more info on this, I'm all ears.
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Thursday, August 24, 2006 6:09 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] OT: Checkpoint HTTPS Termination
Pardon the OT, but I've got a customer using Checkpoint who has retained me to audit/oversee the deployment of a new application in the DMZ.
Based on what I do all the time with ISA, the client and I both assumed that the Checkpoint box could do HTTPS termination in order to perform protocol-level HTTP filtering. We also assumed that the checkpoint box could then forward HTTP to the DMZ for IDS/NetMon logging.
It seems, however, that the Checkpoint firewall adminsomething thatCheckpoint's capability to perform this function. Given all the hubbub about Checkpoint, its seems that it's odd that ISA can perform a function so well that Checkpoint does not even support.
Can anyone out there confirm this? This could be a great opportunity for me to officially introduce ISA into the company (which I would love) but I want to make sure I'm doing the best job for the client before I just spend the money (or request that they spend the money) if this istraffic to aCheckpoint can do.
The goal is to terminate HTTPS at the Checkpoint box, perform app level filtering (like ISA's HTTP filter), then forward the HTTPcan log thesingle segmented DMZ network so that the IDS/NetMon boxestraffic via the switch/Nokia monitor ports.
Thanks. Oh, any specific references would be great so that I can share them with the client.
t