be_ixf;ym_201907 d_23; ct_50

Advanced Networking & Clustering Software Blade

Check Point Advanced Networking and Clustering simplifies network security deployment and management within complex and highly utilized networks, while maximizing network performance and security in multi-Gbps environments. This combination is ideal for high-end enterprise and data center environments where performance and availability are critical.

Benefits

Advanced networking features for maximum performance and availability

  • ISP redundancy for reliability and fault-tolerance
  • QoS prioritization guarantees bandwidth and controls latency
  • Application load balancing manages server workloads during high volume traffic

Advanced technologies provide maximum network security and performance

  • SecureXL accelerates multiple intensive security operations
  • CoreXL multicore acceleration increases deep inspection throughput
  • ClusterXL provides high availability and load sharing for business continuity

Integrated into the Check Point Infinity Architecture

  • Fully integrated with existing Check Point security products
  • Activate advanced networking and clustering on any Check Point Security Gateway
  • Saves time and reduces costs by leveraging existing security infrastructure

Features

Advanced Routing

Organizations looking to implement scalable, fault-tolerant, secure networks can use Advanced Networking to run industry-standard dynamic routing protocols including BGP, OSPF, RIPv1 and RIPv2 on security gateways. OSPF, RIPv1 and RIPv2 enable dynamic routing over a single autonomous system—like a single department, company, or service provider—to avoid network failures. BGP provides dynamic routing support across more complex networks involving multiple autonomous systems—such as when a company uses two service providers or divides a network into multiple areas with different administrators responsible for the performance of each.


Penalty Box

Penalty Box quickly blocks, reduces effects of attacks and optimizes processor utilization.

When hockey players break the rules, they are put in the penalty box for a set period of time, giving the opposing team more resources. Check Point’s Penalty Box works in a similar fashion. If suspicious traffic violates policy too frequently, it is dropped for a few minutes. Processing power is not wasted inspecting this unwanted traffic.

Penalty Box in Action:

  • The Pre-Penalty Box function identifies suspicious traffic
  • Places suspicious traffic into the watch list (this reduces false positives)
  • Traffic exceeding the policy violation rate is placed into Penalty Box
  • Penalty Box drops that traffic for a set period of time via drop templates
  • Offending traffic is dropped without further inspection, freeing processing power
  • When time expires, traffic is placed back into the watch list and fully inspected


Multicast Protocol Support

Advanced Networking also integrates multicast protocol support including IGMP, PIM-DM and PIM-SM.


QoS Prioritization for both Encrypted and Unencrypted Traffic

Advanced Networking lets you prioritize business-critical traffic such as ERP, database, and Web services traffic over less time-critical traffic. It also allows you to guarantee bandwidth and control latency for streaming applications such as Voice over Internet Protocol (VoIP) and video conferencing. In addition, with highly granular controls, Advanced Networking enables guaranteed or priority access to specific employees—even if they are remotely accessing network resources through a VPN tunnel.

Multi-core CPU Support with Patented CoreXL

CoreXL is a performance enhancing technology for security gateways on multi-core platforms providing near linear increases in performance as processing cores are added to a single system.


Gateway Clustering with Patented ClusterXL

ClusterXL provides high availability and load sharing that keeps businesses running without interruption. ClusterXL distributes traffic between clusters of redundant gateways, combining the computing capacity of multiple machines to increase total throughput. In the event of a gateway or network failure, connections are seamlessly redirected to a designated backup, maintaining business continuity. This enables near-linear scalability for large deployments without the cost of separate load-balancing equipment.


Security Acceleration with Patented SecureXL

Patented Check Point security acceleration technology, SecureXL, removes latency associated with intense security processing by creating a special device layer that can make security decisions earlier. In both servers and dedicated appliances, performance is affected negatively by memory, system-bus, and CPU speed as traffic passes through a system. By creating a SecureXL device layer, the Check Point security gateway enables security decisions to be made at a lower application level to remove performance bottlenecks.

After the start of a transaction, if a packet is examined using traditional security methods and is determined to be safe, the SecureXL device layer takes over responsibility for examining any remaining packets—cutting out latency caused by hardware design.


Flexible Server Load Balancing

Each connection request is directed to a specific server based on one of five predefined load balancing algorithms. The server load algorithm prevents any server from handling a disproportionately high volume of traffic. Each incoming connection request is directed to the server experiencing the lightest load.


ISP Redundancy

ISP Redundancy assures reliable Internet connectivity by allowing a single or clustered security gateway to connect to the Internet through redundant Internet Service Provider (ISP) links. This feature does not require costly new networking hardware or specialized knowledge to operate. Two modes are available: Load Sharing and Primary/Backup.


Integrated into the Check Point Infnity Architecture

Advanced Network and Clustering is fully integrated into the Check Point Infinity Architecture, saving time and reducing costs by allowing customers to quickly expand security protections to meet changing requirements.


Learn More

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO