IP 395 is a flash based IP 390 bud, they are the same

390 is classed as hybrid, with both disk and flash used.  395 is flash based only

HTH

I am looking more for feature changes. I want to push moving to the 395 as the 390 is no longer available for purchase and for what i am seeing online is showing and EOL of 2011.

Knowing Checkpoint as they always advise we go for the latest and greatest of everything, I would still suggest you go for what they advise, especially given they have rejected support in the past when folk dont listen to them

A bit pants, but very true.

CP have renamed all the new kit to use the new format of R70 where the last digit of the model number is used to define how many software blades can run on it, in teh case of the 395 then its 5 blades (easy enough yea>?)

AFAIK ther are no major feature differences between the 390 and 395 other than the flash and hard drive options

My apologies to Mr CheckPoint_Guru  (nice name btw)

You seem to be agreeing with me here in essence bud.

So the 390 and 395 is the same box, with a different name, with the silly convention of using the no of software blades it can run. :P

Note that your feature enhancements are all due to the software not the hardware.  Maybe I misread the original question but it was related to the hardware.  You can buy a 390, install R70 and call it 395.

As for the prices, I will take your word for it cos I am a techy, I leave the commercial aspect of prices etc to our sales guys.  (I also body swerve the minefield that is licensing)

Sorry if I was vague

So the major difference will be in the software aspects. Still a good buy in my opinion. I can get the 395 about 4K less right now with there promo trade in options. Thus giving me an extra 3K to purchase the extra ports I need. I need more than 4 ports as I want to begin running a new DMZ.

I like the cost savings aspects very much as this is my whole reason for this question. I am trying to provide upper management with the reasoning not only for the improvements of the equipment but what we will save on the ROI.

One question---

In respect to the IPS Software Blade....Would this be strong enough to be able to eliminate having an IDS Sensor postioned outside the firewall leaving the firewall to conduct all real time monitoring?

CP IPS blade is much better than the older smartdefence, but the answer to your question really depends on how much traffic you will be putting through the node as well as how much of it will you want to scan with IPS.

If mr guru can come up with stats on this performance I would be most interested, but normally this is very subjective to your network.

Normally, IDPs are installed "behind" your firewall and protect specific networks rather than in front of a firewall.

The firewall does quite good basic DOS protection on its own as well as full IPS when needed, but it can leave the purpose built IPS to site and really sift through the firewall traffic with a fine tooth comb to get better results.

As above, all of this is quite subjective to your own network and specific requirements to be honest.

I would probably test it first with SW IPS blade to see if ti can do what you want with no real adverse performance and then review the situation as to use the blade or get a purpose built IDP

So basically the R65 version has been shelved and replaced with R70. IP390 or 395 can run this new version without a problem i assume?