Does anyone use SmartDefense for CheckPoint?
What exactly does it offer, and would you say it is worth it?
We are replacing our Nokia box and upgrading CheckPoint etc., so are giving the addition of SD some consideration.
Thanks
It offers pre-defined configuration options for DoS, TCP, FTP, HTTP, IP, ICMP, etc., etc. Some of them work well, others are a bit buggy and I wouldn't enable them, personally. The problem with CheckPoint is their software is developed by SofaWare, a CheckPoint company, which I think is one of those over-stretched, poorly staffed organizations. This is reflected in the quality of the product released for production. Probably doesn't help that the company is located in war-torn Israel, where the ability to recruit the best talent is sorely limited.
Checkpoint software for these boxes are developed by Checkpoint. Sofaware does the development for the Edge appliances
a 30 day trial license for Smartdefense is available. It does have problems in some of the areas but many of its caspabilities do work. The package is part of the software now. The license allows you to update the capabilities as new defenses are released.
The problem with CheckPoint is their software is developed by SofaWare, a CheckPoint company,
Err... no it isn't!
Hi K,
I work for Dataway, Inc. We are a Check Point Gold Partner, and we have hundreds of Check Point installations worldwide. We could definitely help you with this, and would be happy to provide advice. We could also arrange for an eval of SD, as one of the other respondents suggested. Dataway has proprietary builds on Red Hat Linux Enterprise for Check Point that are hardened and also include some scripts that we have developed over the years to ease the administration of Check Point firewalls. We have so many firewalls under management that we had no choice but to improve the administration so we could keep up! This has certainly benefitted our customers as well.
Please feel free to give me a call at 415.659.1720 if you would like our assistance.
Best Regards,
Jas> Does anyone use SmartDefense for CheckPoint?
I have a Safe@Office UTM. Sofaware develops the firmwar for that device.
Then tell me what SofaWare does for them.
Checkpoint founded Sofaware in 1999 and they make embedded appliances that utilise Firewall-1 technology. They only deal in the SOHO low end embedded software boxes, quite a different thing from full blown Firewall-1.
Yes and have for years. It works well but you need to pay attention to the logs after you enable a protection in case it has unexpected consequences.
For example, the Aventail older SSL VPN client gets picked up as an SSL exploit, because it's defective.
Best practice is to make a database revision backup right before you update the SmartDefense defs, push the policy, update and push again. If the update has any problems, you can rollback to the revision, which will restore all of the old SmartDefense defs.
Ray
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.