VPN-1 Power VSX
Virtualized security platform for service providers and large-scale environments
Overview
VPN-1® Power VSX™ is a multi-service security operations platform designed for large-scale environments like data centers and POP networks. Based on the proven security of VPN-1® Power, VPN-1 Power VSX provides comprehensive protection to multiple networks within complex infrastructures, securely connects them to shared resources like the Internet and DMZs, and allows each of them to interact with each other safely, while providing centralized management.
The VPN-1 Power VSX security operations platform enables organizations, such as service providers and enterprises with distributed networks, to optimize hardware investment by operating a virtual network of routers, switches, and VPN-1 gateways on a single piece of hardware. This reduces the hardware investment and physical space needed to achieve security across the entire network by replacing and consolidating physical security and network devices.
Benefits
- Optimizes hardware investment to keep total ownership costs low
- Improves operating efficiency in deploying new services
- Leverages carrier-class high availability for consistent service quality
- Reduces physical space, power and staff requirements
- Protects against new threats through SmartDefense Services
Features
- Scalable virtual environment
- Flexible virtual connectivity
- High performance security
- Comprehensive security services
- Centralized security management
Scalable Virtual Environment
VPN-1 Power VSX is a multi-service operations platform designed to meet the demands of large-scale virtual environments. With VPN-1 Power VSX, administrators can create virtualized implementations of conventional physical topologies and designs such as central and remote DMZs. The VSX platform can create and manage up to 250 fully independent security systems on a single or clustered hardware platform, providing a highly scalable virtual platform while reducing hardware investment, space requirements and maintenance costs.
Flexible Virtual Connectivity
Virtual routers and switches can be used to forward traffic between networks located behind virtual systems, much in the same manner as their physical counterparts. VPN-1 Power VSX supports a wide range of routing scenarios, enabling flexible network connectivity.
- Virtual System in Bridge Mode
VPN-1 Power VSX has the ability to host virtual systems running in either router or bridge mode. The ability to deploy virtual systems in bridge mode allows administrators to implement native layer-2 bridging instead of IP routing, and transparently add a virtual system to the network without reconfiguring network settings and topologies.
- Route propagation
When a virtual system is connected to a virtual router or to a virtual switch, an administrator can choose to propagate its routing information to adjacent virtual devices. This feature enables network nodes located behind neighboring virtual systems to communicate without the need for manual configuration.
- Overlapping IP address space
VPN-1 Power VSX facilitates connectivity when multiple network segments share the same IP address range. This scenario occurs when a single VSX gateway protects several independent networks that assign IP addresses to endpoints from the same pool of IP addresses. Thus, more than one endpoint in a VSX environment may share the same IP address, provided that each is located behind different virtual systems. Overlapping IP address space in VSX environments is possible because each virtual system maintains its own unique state and routing tables. These tables can contain identical entries, but within different, segregated contexts.
- Source-based routing
Source-based routing allows an administrator to define routing definitions that take precedence over ordinary, destination-based, routing decisions. This allows the administrator to route packets according to their source IP address or a combination of their source IP address and destination IP address. Source-based routing is useful in deployments where a single physical interface without VLAN tagging connects several protected customer networks. Each virtual system is connected to an internal virtual router. The virtual router routes traffic to the appropriate virtual system based on the source IP address, as defined in source-based routing tables.
- Dynamic Routing
Virtual devices can communicate and distribute routes amongst themselves using dynamic routing. VPN-1 Power VSX provides full layer-3 dynamic routing for virtual systems and virtual routers. The following unicast and multicast dynamic routing protocols are supported: OSPF, RIP-v2, BGP-v4, IGMP, PIM-SM, PIM-DM.
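A conceptual model of the source-based routing and overlapping address space behaviour described above, added here as an illustration. It is not Check Point code or VSX configuration; the class names, addresses and next-hop labels are assumptions constructed for the example.

```python
# Illustrative model only: names and addresses are assumptions, not VSX internals.
import ipaddress

def longest_match(table, ip):
    """Return the value for the most specific network in table containing ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(net, val) for net, val in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

class VirtualSystem:
    """Isolated context: private routing table and private connection state."""
    def __init__(self, name):
        self.name, self.routes, self.state = name, [], set()

    def add_route(self, cidr, next_hop):
        self.routes.append((ipaddress.ip_network(cidr), next_hop))

class VirtualRouter:
    """Source-based rules take precedence over destination-based routes."""
    def __init__(self):
        self.by_source, self.by_dest = [], []

    def select(self, src, dst):
        return longest_match(self.by_source, src) or longest_match(self.by_dest, dst)

def forward(router, src, dst, dport):
    """Pick the virtual system, then route and record state inside it only."""
    vs = router.select(src, dst)
    if vs is None:
        return None                       # no context owns this packet: drop
    hop = longest_match(vs.routes, dst)
    if hop is None:
        return None                       # context has no route: drop, no state
    vs.state.add((src, dst, dport))
    return vs.name, hop

def build_demo():
    # Constructed topology: two customers share one untagged interface.
    vs_a, vs_b = VirtualSystem("vs-a"), VirtualSystem("vs-b")
    vs_a.add_route("10.0.0.0/24", "dmz-a")    # identical prefix in both tables,
    vs_b.add_route("10.0.0.0/24", "dmz-b")    # resolved separately per context
    vr = VirtualRouter()
    vr.by_source.append((ipaddress.ip_network("172.16.1.0/24"), vs_a))
    vr.by_source.append((ipaddress.ip_network("172.16.2.0/24"), vs_b))
    vr.by_dest.append((ipaddress.ip_network("10.0.0.0/24"), vs_a))  # fallback only
    return vr, vs_a, vs_b

if __name__ == "__main__":
    vr, vs_a, vs_b = build_demo()
    print(forward(vr, "172.16.1.10", "10.0.0.5", 443))  # customer A
    print(forward(vr, "172.16.2.10", "10.0.0.5", 443))  # customer B, same destination IP
    print(vs_a.state & vs_b.state)                      # no state shared between contexts
```

The same destination address resolves to a different next hop in each context, and a connection recorded in one virtual system is never visible in the other, which is the isolation property to verify when reviewing a multi-tenant deployment.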
High Performance Security
High-bandwidth networks require high-performance gateways to support thousands of users and applications. To provide security at wire speed, VPN-1 Power VSX can be deployed on multiple carrier-class platforms using Check Point's high-performance technology, ensuring secure, resilient, multi-gigabit throughput. To maximize performance, capacity and system scalability, VPN-1 Power VSX provides the following features:
- Virtual System Load Sharing (VSLS) provides the ability to distribute virtual systems across cluster members, effectively distributing traffic load within a cluster.
- VSX Resource Control allows administrators to manage the processing load by guaranteeing that each virtual system will receive its minimum CPU allocation. Resources not needed by one virtual system are automatically made available to other virtual systems. Administrators can also limit the CPU time available to a lower-priority virtual system and assign more capacity to mission-critical virtual systems.
- VSX QoS Enforcement provides the ability to control network quality of service in the VSX network environment by supporting the Differentiated Services (DiffServ) protocol and assigning different transmission characteristics to different classes of service. This helps prioritize the order in which traffic is processed when resources are under heavy load.
Comprehensive Security Services
Based on FireWall-1® and SmartDefense™ intrusion prevention technologies, VPN-1 Power VSX provides comprehensive protection to multiple networks or VLANs within complex infrastructures, securely connecting them to shared resources like the Internet and DMZs. VPN-1 Power VSX gateways are based on Check Point-patented Stateful Inspection, the de facto standard for Internet security. VPN-1 Power VSX examines more than 150 predefined applications, services, and protocols out-of-the-box, ensuring that the vast majority of applications used by businesses are free of threats when entering the network. Examples include:
- Voice over IP—with many companies rushing to adopt VoIP applications to lower telecommunications costs, VPN-1 Power VSX offers comprehensive VoIP protocol support to secure critical business communications. VoIP protocols supported include H.323, SIP, MGCP and Skinny (SCCP).
- Instant messaging and P2P applications—these are common attack vectors for worms, viruses, and spyware. VPN-1 Power VSX provides security for these applications by inspecting their content or preventing them from entering the corporate network.
VPN-1 Power VSX is supported by SmartDefense Services, which maintain the most current preemptive security for the Check Point security infrastructure. VPN-1 Power VSX also provides flexibility in secure remote access, supporting the most complete range of client access options (IPSec, SSL VPN, mobile access).
Proven, mature security management architecture
VPN-1 Power VSX is managed with Check Point’s SmartCenter™ and Provider-1® management solutions. Both provide powerful tools for centrally configuring, managing, and monitoring multiple VPN-1 Power VSX security operations platforms, virtual systems, and physical VPN-1 gateways. Based on Check Point’s Security Management Architecture (SMART), these solutions deliver the flexibility of choosing the appropriate management solution based on your network requirements. Check Point’s One-Click VPN technology also enables virtual systems to be added seamlessly to a VPN community. The new virtual system automatically inherits the appropriate properties and can immediately establish secure sessions with all other VPN community members within the enterprise network. Additional tools such as virtual system creation wizards and templates assist in enforcing server image standardization and further streamline the process of deploying and configuring VPN-1 Power VSX.
Used in conjunction with Provider-1, an enterprise can use VPN-1 Power VSX to segment different business groups or customers, and classify the network either by function or by network segment. Therefore, administrators can maintain separate policies for different network segments and can delegate or divide large rule-bases into several smaller rule-bases for ease of management and better control of network security.
Protection Details
Firewall
| | |
|---|---|
| Protocol/Application support | Secures more than 200 applications and protocols |
| VoIP Protection | SIP, H.323, MGCP, and SIP with NAT support |
| Instant Messaging Control | MSN, Yahoo, ICQ, and Skype (including over HTTP and SSL) |
| Peer-to-peer Blocking | Kazaa, GNUTella, BitTorrent, eMule, IRC (including over HTTP) |
| Network Address Translation | Static/hide NAT support with manual or automatic rules |
VPN
| | |
|---|---|
| Encryption Support | AES 128-256 bit, 3DES 56-168 bit |
| Authentication Methods | Password, RADIUS, TACACS, X.509, SecurID |
| Certificate Authority | Integrated X.509 certificate authority |
| VPN communities | Automatically sets up site-to-site connections as objects are created |
| Topology Support | Star and mesh |
| VPN Routing | Link selection for gateways with dynamically allocated IP addresses, generic route encapsulation (GRE) support, wire mode VPN |
| VPN Client | Check Point Endpoint Security, VPN-1 SecureClient, VPN-1 SecuRemote |
| SSL-based remote access | Fully integrated SSL VPN gateway provides on-demand SSL-based access |
| SSL-based endpoint scanning | Scans endpoint for compliance/malware prior to admission to the network |
| Site-to-site VPN | Explicit multiple entry point (MEP) configuration support |
| VPN tunnel management | VPN links can be configured to be "always on" |
Intrusion Prevention
| | |
|---|---|
| Network-layer protection | Blocks attacks such as DoS, Port Scanning, IP/ICMP/TCP related |
| Application-layer protection | Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands and more |
| Detection Methods | Signature-based and protocol anomaly |
Networking
| | |
|---|---|
| Virtualization | Complete virtualization of all networking components such as virtual routers & switches |
| VLAN interfaces | 4096 per cluster |
| Dynamic Routing Support | OSPF, BGP, RIP v1/2, Multicast in multiple virtual system mode |
| DHCP Support | SecurePlatform™ DHCP server and Relay |
| Layer-2 bridge support | Transparently integrates into existing network |
| ISP Redundancy | Protocol-based, source/destination and port route decisions |
Performance and Availability
| | |
|---|---|
| Failover recovery | Active/standby bridge mode for instantaneous failover |
| Load balancing | VSLS (virtual system load balancing) to distribute VS load across cluster members |
| Quality of Service | Support for Differentiated Services for outbound and inbound traffic |
| ISP Redundancy | Automatically reroutes traffic to second interface |
| Traffic Acceleration | SecureXL accelerates security decisions |
Management
| | |
|---|---|
| Policy segregation | Virtual and logical grouping of customers, global and customer specific security and VPN policies* |
| Centralized management | Logging, monitoring, event correlation, reporting, security updates, VPN and large-scale policy management and management high availability |
| Role-based administration | Global and granular administrative access and permissions, multiple simultaneous administrator access* |
| Log management | Automatic log maintenance and consolidation |
SYSTEM REQUIREMENTS
| | |
|---|---|
| Platforms | Check Point SecurePlatform™, Crossbeam X Series, IBM BladeCenter (firewall module only), Nokia IPSO |
| Processor | Intel Pentium II 1GHz-plus or equivalent processor |
| SmartDashboard platforms | Windows 2000/2003/XP/ME/98 |
| SmartDashboard disk space | 100 MB |
| SmartDashboard memory | 256 MB |
| Provider-1 platforms | SecurePlatform™, Linux, Solaris |
| Provider-1 disk space | 800 MB; 50 MB for each CMA |
| Provider-1 memory | 256 MB |
| Remote access client platforms | Windows 2000/XP/2003, Macintosh, Linux |
| Remote access client disk space | 20 MB |
| Remote access client memory | 64 MB |
Support
Check Point offers many technical support options for customers. These range from the Standard support plan that provides telephone assistance during normal business hours with next-day shipment of replacement appliances, to the Premium support plan providing 24/7 assistance with same day replacement shipment, up to the Premium+4H plan that provides a qualified engineer on-site within four hours to resolve any appliance-related issues. For additional information, please visit the Support Programs section of our website.
Direct Enterprise Support
| | Standard | Premium | Diamond/Sapphire | Premium 4H on-site** |
|---|---|---|---|---|
| Support Time | 9 x 5 Business Day | 24 x 7 Every Day | 24 x 7 Every Day | 24 x 7 Every Day |
| Latest Hot Fixes & Service Packs | Yes | Yes | Yes | Yes |
| Major Upgrades & Enhancements | Yes | Yes | Yes | Yes |
| Access to Online Support Knowledgebase | Advanced | Advanced | Expert | Advanced |
| Unlimited Service Requests | Yes | Yes | Yes | Yes |
| Hardware Warranty | 3 Years | 3 Years | 3 Years | 3 Years |
| Committed Response time to Severity-1 issues | 4 Hours | 30 Minutes | 30 Minutes | 30 Minutes |
| Committed Response time to Severity 2,3,4 issues | 4 Hours | 4 Hours | 4 Hours | 4 Hours |
| Issues open with | Standard Support Desk | Premium Support Desk | Designated Engineer | Premium Support Desk |
| RMA Determination | Support Engineer | Support Engineer | Customer | Support Engineer |
| Shipment & Delivery SLA | Next business day shipment, delivery usually within 2-3 business days | Same business day shipment, Next business day delivery target* | As in Premium/Premium 4hrs (if purchased) | 24x7; Qualified engineer will arrive on-site within 4 hours to handle RMA |

\* For RMA (Return Material Authorization) determination completed by 15:00 regional hub time, otherwise shipment will occur next business day with delivery target extended by one day. There are four regional hubs, one located in each of the following: U.S., APAC, Europe and Israel. Next day delivery during weekends is possible at no extra charge upon request.

\*\* This service is available at selected locations. Please verify availability for your location before purchasing this service level.
Collaborative Enterprise Support
| | Co-Standard | Co-Premium | Co-Premium 4H on-site** |
|---|---|---|---|
| Support Time | 24 x 7 for Software issues; 9 x 5 Business Day for Hardware issues | 24 x 7 Every Day | 24 x 7 Every Day |
| Latest Hot Fixes & Service Packs | Yes | Yes | Yes |
| Major Upgrades & Enhancements | Yes | Yes | Yes |
| Access to Online Support Knowledgebase | Advanced | Advanced | Advanced |
| Unlimited Service Requests | Yes | Yes | Yes |
| Hardware Warranty | 3 Years | 3 Years | 3 Years |
| Committed Response time to Severity-1 issues | 30 Minutes indirect CCSP-Check Point | 30 Minutes direct end customer-Check Point | 30 Minutes |
| Committed Response time to Severity 2,3,4 issues | 4 Hours | 4 Hours | 4 Hours |
| Issues open with | Standard Support Desk | Escalation Group (Fast Path) | Escalation Group (Fast Path) |
| RMA Determination | Support Engineer | Support Engineer | Support Engineer |
| Shipment & Delivery SLA | Next business day shipment, delivery usually within 2-3 business days | Same business day shipment, Next business day delivery target* | 24x7; Qualified engineer will arrive on-site within 4 hours to handle RMA |

\* For RMA (Return Material Authorization) determination completed by 15:00 regional hub time, otherwise shipment will occur next business day with delivery target extended by one day. There are four regional hubs, one located in each of the following: U.S., APAC, Europe and Israel. Next day delivery during weekends is possible at no extra charge upon request.

\*\* This service is available at selected locations. Please verify availability for your location before purchasing this service level.