Check Point Firewall-1 - ARRGH!!!

pbrettle

Original Poster:

3,280 posts

300 months

Tuesday 27th January 2004


Fing Check Point Firewall-1 NG with AI, what a load of st. I cannot believe what a load of ts it is and its quality is so dire it's painful.

If I ever find the wr who said it was good enough to release I will lamp the fr so hard....

God, what the hell is wrong with Check Point? Oh, sorry just realised - dominant supplier of firewalls to the corporate market and hence don't give a fk.

Wkers....

Anyone else had problems with NG with AI?

TheHobbit

1,189 posts

268 months

Tuesday 27th January 2004
pbrettle said:


Fing Check Point Firewall-1 NG with AI, what a load of st. I cannot believe what a load of ts it is and its quality is so dire it's painful.

If I ever find the wr who said it was good enough to release I will lamp the fr so hard....

God, what the hell is wrong with Check Point? Oh, sorry just realised - dominant supplier of firewalls to the corporate market and hence don't give a fk.

Wkers....

Anyone else had problems with NG with AI?


Having a bad FeckWall-1 day? When it's good it's very very good, and the rest of the time it's awful.

Ever tried to FTP through it or get VoIP through it?



Trouble is, I'm not the ChuckPint FeckWall-1 admin, and so just have to put up with its sh1te.
We have multiple firewalls with the enterprise firewall manager.... there are some nice management and logging features, but its packet filtering can be pants sometimes......

rich-uk

1,431 posts

273 months

Tuesday 27th January 2004
We don't have any problems with our Cisco PIX


Edited to say: What's Hobbit on about

>> Edited by rich-uk on Wednesday 28th January 20:34

TheHobbit

1,189 posts

268 months

Tuesday 27th January 2004
rich-uk said:
We don't have any problems with out Cisco PIX


we don't have problems without PIX

I'm gonna look daft if the original gets modified to correct the typo

pbrettle

Original Poster:

3,280 posts

300 months

Tuesday 27th January 2004
TheHobbit said:

Having a bad FeckWall-1 day? When it's good it's very very good, and the rest of the time it's awful.

Ever tried to FTP through it or get VoIP through it?


Oh yes - I am having a very bad Check FK week.

The quality of the new stuff is so bad it beggars belief:

1) The latest build R55 is only available as a wrapper install (120MB download) and everything is installed from that. Yet when you run it, depending on the combination of products it gives you a "please insert disk 2" error - THERE IS NO DISK2!!!

2) Upgrading an NG management server to NG with AI - you get a strange situation that the firewall is installed, but you can't install the policy server cos "the firewall is not installed".... NIGHTMARE

3) The latest VPN-1 Edge appliances are compatible with Firewall-1 NG .... OH no they aren't... you need NG with AI for that - but by the way that necessitates an upgrade (hence problems) - but their documentation and marketing says something completely different.

The list goes on....

It's not really complex stuff - this is fundamental testing that they just aren't doing. The quality of the software is going down VERY quickly and it's shocking.... and for one stuck at the sharp end, it's very disheartening....

Mind you - a little venting does make you feel a lot better.....

P.S. Yes, done the VoIP and FTP stuff is a nightmare, but once it's working it's OK - not secure, but OK.

tuffer

8,909 posts

284 months

Tuesday 27th January 2004
Heard some good reports about Netscreens, better still outsource your security and let someone else deal with the headache and pay you compensation when they bust SLA!!

Marshy

2,751 posts

301 months

Tuesday 27th January 2004
Sympathies.

That said, NG AI on SecurePlatform is the first version of firewall-1 I've ever used where destination mode NAT actually works properly out of the box with no frigging about.

When it works, it works very well - it's supremely flexible. When it doesn't, it's the biggest pain in the ass ever. Their software testing really is lamentable and trying to get decent support is a laugh too...

pbrettle

Original Poster:

3,280 posts

300 months

Tuesday 27th January 2004
Marshy said:
Sympathies.


Thanks mate - I just know that you have been there too...

dans

1,142 posts

301 months

Tuesday 27th January 2004
tuffer said:
Heard some good reports about Netscreens, better still outsource your security and let someone else deal with the headache and pay you compensation when they bust SLA!!


Netscreens are very good - but competitive pricing and higher specs means PIX is back in contention in some applications. I'd go with Netscreens on smaller scale implementations or where really big standalone devices are being used, for the mid range the PIX is better specced for the money than the Netscreen...

TheHobbit

1,189 posts

268 months

Tuesday 27th January 2004
dans said:

tuffer said:
Heard some good reports about Netscreens, better still outsource your security and let someone else deal with the headache and pay you compensation when they bust SLA!!



Netscreens are very good - but competitive pricing and higher specs means PIX is back in contention in some applications. I'd go with Netscreens on smaller scale implementations or where really big standalone devices are being used, for the mid range the PIX is better specced for the money than the Netscreen...


What's the enterprise management of PIX like these days though? Something (IMHO) firewall-1 does well is enterprise management.

Marshy

2,751 posts

301 months

Wednesday 28th January 2004
Paul, just think, it could be worse. You could be trying to make a SonicWall jump through hoops. They don't.

And everything I've used with a web-based GUI managed to suck in some way or other.

Raptor - now there's a pretty high-quality box of tricks.

tuffer

8,909 posts

284 months

Wednesday 28th January 2004
Marshy said:

Raptor - now there's a pretty high-quality box of tricks.


Apart from the fact that 50% of the 5310's that we sent out failed to boot!!! (allegedly and AIMHO of course)