
CheckPoint instead of ISA?

Status
Not open for further replies.
Oct 23, 2007
We currently use CheckPoint FW-1 on a Nokia device for our firewall. Remote users currently access everything behind the firewall by first establishing a VPN to our IBM LMC in the DMZ of the CheckPoint.

We are considering eliminating the VPN altogether and going to an SSL solution using MS ISA Server, which would also be placed in the DMZ and provide authentication for users coming in and attempting to access web pages and applications behind ISA.

We are wondering if the CheckPoint devices can provide any or all of these services thereby eliminating the need for ISA.

If it is possible, I envision a user going to which gets them to the CheckPoint. The Checkpoint would gather the username/password and validate against A/D on the inside, and then redirect (NAT) to the appropriate resource on the inside.

I think we are asking for something that does not exist, but would like to know for sure.

Anyone know the answer to this, or have any other thoughts or comments? Thanks in advance!
 
Why don't you use SecureClient / SecureRemote... or is this too much? We use it for all of our remote workers; it is easy to set up with authentication using certificate or username/password. The cost is about £50 a head I believe... although I haven't bought any licenses for 5 years.
 
Checkpoint does support SSL VPN. I believe it was implemented with R61. Your post indicates that you want to grant access to web resources and applications. Most SSL solutions only work with web-based data. I have not worked with ISA in a few years; however, back then ISA also only supported web-based traffic. The Juniper SA series is an exception. It is an SSL VPN that also uses a small 148kb thin client that is dynamically installed after logging in. That client allows socket connections for anything on the network.

IT Security news and information
In plain English
 