Check Point 680 Wireless, any experiences?

[awesomo]

I have been on a quest for a good UTM firewall for small business 20-50 computers. My massive research has led me to the Check Point 680. I have used Juniper (Bitch to setup), Cisco (decent setup), and Sonic Wall (Soo buggy), and I have not been impressed.

Anyone have any experience with the Check Point? Any other recommendations out there?

 

[k1pp3r]

I only have experience on the SOHO X1 edge appliance, but I would take fortinet over them any day. And I am not really a fan of Fortinet.

That said, to this day I have not found a UTM I really enjoy working with, they are all bitches and do the same thing in awkwardly different ways.

 

[awesomo]

This has been my damn experience too. It's so frustrating. And in the SMB space, Palo Alto is out of the question.

 

[Nicklebon]

I've got a a CP 640 brand new in the box here beside me that I won at CPX earlier this year that I've never used because I'm too lazy to open the box. I have used a CP 2200 and an 1100 with wireless before that at home and was very happy with them. I am currently using a Fortigate 140POE + a couple of FortiAPs that I am extremely happy with, thus the lackadaisical attitude toward the 640. There was certainly nothing difficult or awkward about setting it up nor the Checkpoint boxes before it. FWIW my account rep say the 600s are even easier to setup than the 2200. Is there a specific question about the CP box I might could answer?

 

[awesomo]

I asked this question elsewhere and someone set me up with the Fortigate Demo. I am going to be ordering a 90d shortly. Checkpoint is still a front runner if the Fortigate doesn't work out. I just was looking for experiences. I have never setup a UTM, only maintained them when I gained clients that had them installed already (Never ran into Checkpoint or Fortinet, and hated the brands I have run into).

It's still hard for me to see the point in a UTM firewall. Out of all the offices I do work for, client side AV seems to do a really good job. Out of the hundreds of computers I manage, I got 5 or 6 viruses I had to personally deal with last year (and one of those WAS at a UTM office), that's it. I realize there are other features, but for smaller offices, again, I don't see the benefit of spending the extra $1000 over a Mikrotik.

 

[Cmustang87]

FortiWiFi 60D is my device of choice, OP. FortiWiFi appliances are solid. Config files are easy to read (you can export them and view them in Notepad++ super easily).

http://www.avfirewalls.com/FortiWiFi-60D.asp

 

[Nicklebon]

It's still hard for me to see the point in a UTM firewall. Out of all the offices I do work for, client side AV seems to do a really good job. Out of the hundreds of computers I manage, I got 5 or 6 viruses

I would certainly hope that you're looking for more than AV out of a UTM firewall. If all you want is AV don't waste your money. Also, the reason you only saw 5 or 6 viruses is because AV is dead and damned near useless these days. In fact I as at a demo today where we launched an attack against a box with AV via a fishing attack, got control of it and deposited our malware and the AV kept on like nothing happened. Again to be 100% clear just because the AV isn't triggering doesn't mean you've not been owned.

UTM will give you ability to spot fishing and block it, block websites, block malware from calling home, keep senistive information from leaving your office, provide IPS/IDS and yes, provide AV for those attackers that are still stuck in the 90s.

To put it in perspective we easily see 1000X more IPS activity than we do AV..

 

[awesomo]

That is a very good point.

Follow-up question. With client side AV, should I even take the performance hit by enabling AV on the UTM firewall?

 

[Nicklebon]

If you're using flow AV on the Fortinet there isn't much of a hit. I run proxy AV with the extended database on the 140 I use at home. My recommendation would be to turn it on in proxy mode and monitor CPU usage. As long as you're not spiking the CPU leave it on but if the CPU spikes that's the first thing I would turn off. The current stats on my 140 show 3.5M files scanned with 0 hits. I personally would also suggest turning on web filtering and blocking the security risk category along with the unrated category. If you get a lot hits for unrated you could just warn which leaves the option of clicking through to the site after the warning.