[nycbug-talk] freeBSD and Checkpoint

Okan Demirmen okan
Sun Mar 27 16:12:02 EST 2005


On Sun 2005.03.27 at 15:19 -0500, Ryan Seu wrote:
> Hi guys, I'm thinking about trying to install Checkpoint
> VPN-1/Firewall-1 NG FP3 on freeBSD 5.3. Are there any BSD specific
> security issues I should worry about? I've checked out the Checkpoint
> site but since I haven't actually purchased a license yet (I'm going to
> use the evaluation version to test it out first) I can't access some
> of the security documentations they've published. Also, I'm not
> exactly clear on how checkpoint will work in freeBSD environment
> because I'm used to Windows GUI when installing the security rules and
> policies.

Ryan,

I'm sure you have a reason for trying this, but mind if I ask why?
I think that may be a general question you get. FreeBSD 5.x tree has
a very nice firewall built in, OpenBSD's pf(4). Sure there are
things pf(4) can't do yet, but will you require those features?
pf(4) does other things that CheckPoint doesn't (as well as other
firewalls), but what are your requirements?  Not getting into a
match between CheckPoint vs pf(4)....

If you are going to run CheckPoint because of "business requirements,"
make sure FreeBSD itself is approved. Additionally, are you sure
CheckPoint will run on today's FreeBSD? Yes, Nokia's IPSO is a
heavily modified FreeBSD, but I think that may even be before the
a.out -> elf conversion, which was a long long time ago in FreeBSD.
Nokia does very little to keep its release in check with today's
FreeBSD. Check with them first.

As for CheckPoint GUI's and what not, CheckPoint is CheckPoint -
doesn't matter what platform runs underneath it - the CheckPoint
stuff stays the same. Depending on the underlying OS, there may be
other things, such as IPSO's Voyager, and things like that....

Okan

-- 
Okan Demirmen <okan at demirmen.com>
PGP-Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB3670934
PGP-Fingerprint: 226D B4AE 78A9 7F4E CD2B 1B44 C281 AF18 B367 0934



