Windows as an enforcement point platform greatly limits your capabilities -- most of the advanced features aren't compatible with windows. It also is something of an oxymoron -- an inherently insecure OS used as the platform for a security solution. At this time, 2008R2 is not supported -- only 32-bit.
What many of my customers who like Windows do is deploy the smartcenter on Windows but use something else for enforcement (secureplatform). Your environment seems like a poor choice for this -- cost, complexity, etc. Single-box solution makes sense -- your requirements are fairly minimal. Unfortunately, if you're looking to add a second box, your only viable option is the UTM-1 platform, as those support both gateway and management HA on the same pair of boxes -- open servers don't allow for this. Otherwise, split management from enforcement and you'll be ready to go. On Thu, Oct 21, 2010 at 4:57 AM, Dave Hornby <dave.hor...@totalsystems.co.uk > wrote: > I am looking at upgrading our checkpoint firewall (Currently R60!) at > some point soon and need to do a hardware refresh at the same time. > > Whilst I know checkpoint quite well, I am much more familiar with the > Windows operating systems as a base for checkpoint to run on. > > So....Does anyone know if Checkpoint have any plans to support Windows > 2008R2? As I see currently there is only 32bit support. > > Also with regular patching is Windows really a bad choice security wise? > > Currently we run a single box Checkpoint firewall but I may add in a 2nd > box for resilience (Cost dependant!) > > My preferences are to either go down the appliance route or run with > Checkpoint on Windows. > > As a guide we use the firewall for the following: > > 100 Users web access > 30 Users remote connectivity (Will be via Endpoint security Client) > 20 B2B IPSEC VPN's > With up to 20 Hosted server accessible across the internet (A mix of Web > and Terminal services servers) > > I will also want to turn on IPS and possibly some other functionality > (But NOT AV, SPAM or URL filtering) > > Does anyone have any recommendations? > > Many thanks > Dave > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to lists...@amadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ow...@ts.checkpoint.com > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway.