I have never used this gear but I was hoping the hivemind could answer a few q's as I can't seem to figure out anything from Checkpoint's website.
First, it's a Safe@Office 200, model SBX-166LHGE-2 on a 10Mbps symmetrical Ethernet connection. Is this thing capable of running their v.7.5 software? All I seem to find (in terms of models) on the checkpoint website is references to the 500 series.
Assuming it can run v.7.5, I have looked through the User Manual and have found some features I have looked for:
-tagged vlans (on the DMZ port)
-inter-vlan routing and firewall
-access-list based QoS/Traffic Shaping with weighted fair queuing
-shaping and rate limiting based on KBps
My goal is this:
-separate VLANs (office, guest wifi, guest ethernet)
-each vlan as a whole would be a class, each class would have a guaranteed minimum bandwidth, but would be able to burst to fill the connection (save the other classes' minimum)
-office > guest ethernet > guest wifi for bandwidth bursting, but fair queuing
-each user inside a class (i.e. workstation, wifi client) would have fair queue with other members in their class
This is a kinda hierarchical bandwidth/shaping scheme and I'm just not sure if it is possible in this device.
My thought was to create 3 queues: office, gethernet and gwifi. Assign them weights of 60/30/10 respectively, and guarantee each a minimum of 1Mbps and rate limit to a max of 8Mbps (leaving 2Mbps for the other classes on the 10Mbps connection). Mark all of them as medium latency sensitivity. But I don't know how it would treat members inside of each class (fair queue or what)?
I know I could write this setup in iptables in a few minutes, but this device is already in place and people are comfortable with it (even though nobody really knows how to use it and it has no support contract).
Anyone with some experience with the device and willing to share would be greatly appreciated. Also, the device will be performing shaping for ~70 office people. Is this thing going to melt trying to do all that shaping (presumably in software)?
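The class-level scheme proposed in the post (weights 60/30/10, a 1 Mbps floor and an 8 Mbps ceiling per class on a 10 Mbps link), worked through as an added example that is not part of the original post and does not describe how the Safe@Office firmware schedules traffic. It assumes a generic weighted water-filling model (guarantees served first, spare capacity split by weight, unused share re-divided); `ShapingClass` and `allocate` are illustrative names, and per-user fairness inside a class is not modelled.

```python
from dataclasses import dataclass

LINK_KBPS = 10_000  # the 10 Mbps symmetrical link from the post


@dataclass
class ShapingClass:
    name: str
    weight: int    # relative share of spare bandwidth
    min_kbps: int  # guaranteed floor
    max_kbps: int  # rate-limit ceiling


# The three queues and numbers proposed in the post.
CLASSES = [
    ShapingClass("office", 60, 1000, 8000),
    ShapingClass("gethernet", 30, 1000, 8000),
    ShapingClass("gwifi", 10, 1000, 8000),
]


def allocate(demand_kbps, classes=CLASSES, link_kbps=LINK_KBPS):
    """Return {class name: kbps granted} for the offered load per class."""
    # A class never gets more than it asks for, or more than its ceiling.
    limit = {c.name: min(demand_kbps.get(c.name, 0), c.max_kbps) for c in classes}
    # Step 1: serve the guaranteed minimums first.
    alloc = {c.name: min(limit[c.name], c.min_kbps) for c in classes}
    spare = link_kbps - sum(alloc.values())
    active = [c for c in classes if alloc[c.name] < limit[c.name]]
    # Step 2: split spare capacity by weight. A class that reaches its
    # limit drops out and what it did not use is re-divided among the rest.
    while spare > 1e-9 and active:
        total_w = sum(c.weight for c in active)
        share = {c.name: spare * c.weight / total_w for c in active}
        capped = [c for c in active if limit[c.name] - alloc[c.name] <= share[c.name]]
        if not capped:
            for c in active:
                alloc[c.name] += share[c.name]
            break
        for c in capped:
            spare -= limit[c.name] - alloc[c.name]
            alloc[c.name] = limit[c.name]
        active = [c for c in active if c not in capped]
    return alloc
```

With every class saturated the model grants 5.2 / 3.1 / 1.7 Mbps; with only guest wifi active it stops at the 8 Mbps ceiling and 2 Mbps of the link stays idle, which is the cost of the fixed per-class maximum.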
Configure the serial connection in your console application (PuTTY, HyperTerminal, SecureCRT, Minicom, etc.).
Note: Refer to the Getting Started Guide for the relevant appliance (see sk96246).
Appliances | Serial connection configuration |
2000, 3000, 4000, 5000, 6000, 12000, 13000, 15000, 21000, 23000, 16000 / 26000, Smart-1 205/210/225/3050/3150, Smart-1 525/5050/5150, Smart-1 625, Threat Emulation, SmartEvent NGSE, Secure Web Gateway | Baud rate = 9600 bps; Data bits = 8; Parity = None; Stop bits = 1; Flow Control = None |
600, 700, 900, 1100, 1200R, 1400 | Baud rate = 115200 bps; Data bits = 8; Parity = None; Stop bits = 1; Flow Control = None |
DDoS Protector | Baud rate = 19200 bps; Data bits = 8; Parity = None; Stop bits = 1; Flow Control = None |
Smart-1 5/25/25B/50/150, Power-1, UTM-1, VSX-1, DLP-1 | Baud rate = 9600 bps; Data bits = 8; Parity = None; Stop bits = 1; Flow Control = None |