opinion on Check Point Security Appliances


opinion on Check Point Security Appliances

breda
I was thinking of getting a 700 Security Appliance for one of our business locations and wanted to get an opinion on them.

https://www.checkpoint.com/products/700-security-appliances/

https://www.checkpoint.com/downloads/products/datasheets/ds-700-appliance.pdf


Thanks

Re: opinion on Check Point Security Appliances

user8446
Administrator
If you want an appliance I would go with pfSense. It's open source, no monthly fees, and has both Snort & Suricata packages: https://store.pfsense.org/SG-2220/

Here's another good appliance option, Untangle appliance: https://www.untangle.com/u25offer/


If you want to install on an x86 machine lying around, here are some other good free options:

Untangle: https://www.untangle.com/shop/NG-Firewall-Free/

Sophos UTM: https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

Security Onion: https://securityonion.net/


Or just buy another shield on eBay. Now that the bugs have been worked out, it just runs month after month without any issues or reboots.


Running in bridge mode, 1.51 SP1 fw

Re: opinion on Check Point Security Appliances

breda
Thank you, user8446, I appreciate all the help. Can Antivirus or Anti-Bot be added to the Shield?

Take care

Re: opinion on Check Point Security Appliances

user8446
Administrator
You can have Anti-bot, malware, phishing, and content filtering on your whole network for free by using OpenDNS. Point your DNS in your router to 208.67.222.222 and 208.67.220.220. Create a free account at OpenDNS and you can select what you want filtered. I would select at least these:

Web Spam
Adware
Parked Domains
Malware/Botnet
Phishing protection
Suspicious responses

You can then select what else you want filtered. If you have a dynamic IP, you can either put the OpenDNS updater on one of your endpoints or use the DDNS built into the shield. Not only have you dramatically increased your security, you should have a faster and more reliable network. ISPs are notorious for either slow DNS resolution or outages. This is why speed tests will often look fine but you'll still have slow browsing. I recommend everyone do this.

As for antivirus, ClamAV was on an earlier shield f/w, but was taken off until some bugs were worked out. My opinion is AV is more efficient on endpoints because AV at the gateway chokes the network.
Running in bridge mode, 1.51 SP1 fw

Re: opinion on Check Point Security Appliances

breda
Thank you, user8446, for all the help. You're a real lifesaver and I appreciate your expert advice.


Take care



Re: opinion on Check Point Security Appliances

harpss1ngh
When I last spoke to ITUS before they went bust, they were working on an ITUS Shield Virtual Appliance for Hyper-V or ESXi; they had one in beta.

I wonder if anyone managed to get a copy. It's basically what the shield does but in an x86 Linux OS.

I think that maybe if we dump the ITUS Shield parts without the underlying OS modules maybe we can achieve something similar. A new git repository might be useful here.

Git pull the necessary parts and make a sort of Frankenstein virtual appliance!

Re: opinion on Check Point Security Appliances

breda
Thanks, harpss1ngh. I wanted to ask you if you can update your how-to guide to add hotfix_160528? Or not sure if Roadrunnere42 is going to modify with the router mode problem.

 

Re: opinion on Check Point Security Appliances

breda
In reply to this post by user8446
Hi, user8446. I took your advice and ordered a Shield. I have not received it yet, but they said it should have 1.51 SP1, and I will look at updating it.

Thanks