[nycbug-talk] freeBSD and Checkpoint

dlavigne6 at sympatico.ca dlavigne6
Sun Mar 27 16:26:19 EST 2005


> 
> From: Okan Demirmen <okan at demirmen.com>
> Date: 2005/03/27 Sun PM 04:12:02 EST
> To: talk at lists.nycbug.org
> Subject: Re: [nycbug-talk] freeBSD and Checkpoint
> 
> On Sun 2005.03.27 at 15:19 -0500, Ryan Seu wrote:
> > Hi guys, I'm thinking about trying to install Checkpoint
> > VPN-1/Firewall-1 NG FP3 on FreeBSD 5.3. Are there any BSD specific
> > security issues I should worry about? I've checked out the Checkpoint
> > site but since I haven't actually purchased a license yet (I'm going to
> > use the evaluation version to test it out first) I can't access some
> > of the security documentation they've published. Also, I'm not
> > exactly clear on how Checkpoint will work in a FreeBSD environment
> > because I'm used to Windows GUI when installing the security rules and
> > policies.
> 
> Ryan,
> 
> I'm sure you have a reason for trying this, but mind if I ask why?
> I think that may be a general question you get. FreeBSD 5.x tree has
> a very nice firewall built in, OpenBSD's pf(4). Sure there are
> things pf(4) can't do yet, but will you require those features?
> pf(4) does other things that CheckPoint doesn't (as well as other
> firewalls), but what are your requirements?  Not getting into a
> match between CheckPoint vs pf(4)....
> 
> If you are going to run CheckPoint because of "business requirements,"
> make sure FreeBSD itself is approved. Additionally, are you sure
> CheckPoint will run on today's FreeBSD? Yes, Nokia's IPSO is a
> heavily modified FreeBSD, but I think that may even be before the
> a.out -> elf conversion, which was a long long time ago in FreeBSD.
> Nokia does very little to keep its release in check with today's
> FreeBSD. Check with them first.


Having heard the scoop from Nokia support engineers in class, IPSO is a heavily modified 2.x FreeBSD kernel. Scheduled to be replaced sometime in the next year or so with a Linux kernel.

Were you aiming to install the firewall module or the GUI client?

Dru




