[isapros] Re: OT: Checkpoint HTTPS Termination

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 24 Aug 2006 20:02:42 -0700

But yet, there is some "magic" presented... Some "yes, but this is
'Checkpoint'" and people foot the bill. I mean, I know checkpoint is a good
product, but the last engagement I was at for a power company required the
client to get an additional network card for some Nokia/checkpoint box and
it cost them $25,000.  Yes, Twenty-Five-Thousand dollars to add another
network segment to the box.  There was obviously some other mojo involved
with some license to do something, but I've got to say-- sometimes I think
some of these guys are going straight to hell for the earthly raping of
their fellow man - or am I missing something?  That goes beyond rape,
actually... That's getting it right in the neck.  Where is the
justification?

t




On 8/24/06 5:30 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:

> Not impossible at all. I've been heads down in the lic'ing fees
> Netscreen, Blue Coat and Cisco charge, and all I can say is "one is born
> every minute" to go with one of those solutions if the ISA firewall
> provides the customer's required functionality, and at a fraction of the
> price.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland
>> Sent: Thursday, August 24, 2006 7:24 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: OT: Checkpoint HTTPS Termination
>> 
>> jeepers! and I thought saving one of my clients 7.5k for 700 users with a
>> customised ASP solution instead of GFI archiving was impressive, but 50k
>> that's unpossible.
>> 
>> Greg
>> 
>> ----- Original Message -----
>> From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
>> To: <isapros@xxxxxxxxxxxxx>
>> Sent: Friday, August 25, 2006 10:17 AM
>> Subject: [isapros] Re: OT: Checkpoint HTTPS Termination
>> 
>> 
>>> Hey, it's only $50,000 for 500 users.  How can you call that "gouging?" :\
>>> 
>>> ISA, here we come.
>>> 
>>> t
>>> 
>>> 
>>> On 8/24/06 4:45 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:
>>> 
>>>> Tim,
>>>> 
>>>> Reviewing my compete doc, you can have SSL termination and initiation if
>>>> you introduce Connectra. CP is famous for gouging the poor sap customer
>>>> in additional lic'ing fees for every basic application layer inspection.
>>>> In order to get some Web proxy capabilities, you need to license their
>>>> "Web Intelligence" product.
>>>> 
>>>> If you find out more info on this, I'm all ears.
>>>> 
>>>> Thomas W Shinder, M.D.
>>>> Site: www.isaserver.org
>>>> Blog: http://blogs.isaserver.org/shinder/
>>>> Book: http://tinyurl.com/3xqb7
>>>> MVP -- ISA Firewalls
>>>> 
>>>> 
>>>> 
>>>>> -----Original Message-----
>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
>>>>> (Hammer of God)
>>>>> Sent: Thursday, August 24, 2006 6:09 PM
>>>>> To: isapros@xxxxxxxxxxxxx
>>>>> Subject: [isapros] OT: Checkpoint HTTPS Termination
>>>>> 
>>>>> 
>>>>> Pardon the OT, but I've got a customer using Checkpoint who
>>>>> has retained me
>>>>> to audit/oversee the deployment of a new application in the DMZ.
>>>>> 
>>>>> Based on what I do all the time with ISA, the client and I
>>>>> both assumed that
>>>>> the Checkpoint box could do HTTPS termination in order to perform
>>>>> protocol-level HTTP filtering.  We also assumed that the
>>>>> checkpoint box
>>>>> could then forward HTTP to the DMZ for IDS/NetMon logging.
>>>>> 
>>>>> It seems, however, that the Checkpoint firewall admin cannot confirm
>>>>> Checkpoint's capability to perform this function.  Given all the hubbub
>>>>> about Checkpoint, it seems that it's odd that ISA can perform a function so
>>>>> well that Checkpoint does not even support.
>>>>> 
>>>>> Can anyone out there confirm this?  This could be a great opportunity for me
>>>>> to officially introduce ISA into the company (which I would love) but I want
>>>>> to make sure I'm doing the best job for the client before I just spend the
>>>>> money (or request that they spend the money) if this is something that
>>>>> Checkpoint can do.
>>>>> 
>>>>> The goal is to terminate HTTPS at the Checkpoint box, perform app level
>>>>> filtering (like ISA's HTTP filter), then forward the HTTP traffic to a
>>>>> single segmented DMZ network so that the IDS/NetMon boxes can log the
>>>>> traffic via the switch/Nokia monitor ports.
>>>>> 
>>>>> Thanks.  Oh, any specific references would be great so that I
>>>>> can share them
>>>>> with the client.
>>>>> 
>>>>> t
>>>>> 