Wednesday, January 30, 2013

Tufin Expert blog

I am starting Tufin blog here. Similar to CCMA blog, I will be using it as public working notes concerning various Tufin related topics.

VSX R67: Incorrect IP address of re-defined VLAN interface

I have got a support call the last week about inability to re-configure IP address on one of the Virtual Systems' VLAN interface on VSX R67.10 system.

To be more specific, say it was eth1.444 with IP address 192.168.xxx.yyy. During the migration to this VS, customer had to "hide" interface for some time. So he has changed its IP address to something like 1.1.1.1.

First time it has worked like a charm. But when he wanted to put the production IP address back, strange things began to happen. In the SmartDashboard it was all right, but instead of 192.168.xxx.yyy eth1.444 was still reported with 1.1.1.1 by ifconfig and cphaprob -a if commands.

Deletion and recreation fo the interface did not change the situation. Eventually the customer has opened a support call with us.

Apparently this is an known issue described in Check Point SecureKnowledge in sk67120.

The solution was to install policy on the VS after re-definition of the interface.

The issue is only specific to R67 and does not seem to appear with R65 and R75.40VS.

Tuesday, January 22, 2013

Israeli Ministry of Defence chooses Fortinet over Check Point

According to the report of Israeli Calcalist (Hebrew) Ministry of Defence in Israel is abandoning Check Point for Fortinet.

Considering Israeli Ministry of Defense was one of the first loyal customers of Check Point, this is a very unpleasant event for CP and a huge win for Fortinet. I hope upper management of Check Point taks this as a wakeup call, after series of similar situations with other customers around the globe moving away to other, rather less expensive, solutions.

Monday, January 21, 2013

Crossbeam passes Check Point in a BlueCoat

BlueCoat has announced the purchase of Crossbeam. The great drama of Crossbeam is now at its end.



It all started in 2011 when Check Point has announced 61000 appliance. Days of Crossbeam being a dominant of High End Check Point firewall vendor were obviously counted.

We all have heard stories and arguments about why Crossbeam should remain, about technology and features, about performance and advantages, but finally Crossbeam went to the market looking for a new partner.

As one of the Crossbeam certified experts, I admire their courage and spirit. I have liked the technology, and I have liked the people. I was very concern for them to go under and I am happy to see they have found a new business now.

Irony of this situation is that Crossbeam had suffered Check Point partnership twice.

First, there were C-series, the very first Check Point branded UTM appliances. They went extinct when Check Point had developed taste for its own UTM business. Crossbeam survived, with X-series. Not for long too long though.

I hope BlueCoat Will takes good care of them. I hope the people remain and the technology flourishes. 

All the good luck guys!