IMHO, there's no longer any viable reason to buy new Nokia/IPSO appliances
to run Check Point. You can match or exceed scale and performance with
SecurePlatform on cheaper x86 server hardware. And now that clustering is
part of NG-AI, Nokia's got nothing on SecurePlatform.

Crossbeam boxes, which I have no hands-on experience with, have extremely
high port density. If that's helpful, for instance if you need 10 firewall
interfaces per 1U of rack space, then these may be your only option (short
of looking at Cisco chassis switches with FWSM blades).

Even then Check Point supports 802.1Q VLAN tagging and virtual interfaces,
so you can turn a single physical interface on a SecurePlatform box into a
dozen or more logical interfaces by connecting to a switch that supports
VLAN tagging.

Anyway, my advice is to assume that you will be running SecurePlatform on
some x86 server (see HCL:
and then only select a different product if your environment requires it.


-----Original Message-----
Subject: [fw-wiz] Intel vs. special purpose FW-1 servers


We are working on a project to upgrade our firewall infrastructure.

One of the questions is whether to use FW-1 on a standard Intel server or to
use a special-purpose optimized version of FW-1 on a dedicated hardware
platform such as Nokia firewall appliance or Crossbeam systems C30/X40.

Does anyone have any advice on what factors are important when making such a

firewall-wizards mailing list