Network Security
Check Point network security
solutions are the marketleading choice for securing the
network infrastructure.
Power-1 Appliances
KEY BENEFITS
n
Delivers gateway throughput up to
14 Gbps and intrusion prevention
throughput up to 6.1 Gbps
n
Streamlines deployment of enterprise
security with a hardware/software
solution from a single vendor
n
Centrally manages security policy for
all sites with a single management
console
n
Protects against emerging threats
with SmartDefense™ Services
subscription
n
Offers additional UTM capabilities
as options
Security for high-performance environments
Check Point Power-1™ appliances enable organizations to maximize security
in high-performance environments such as large campuses or data centers.
They combine firewall, IPSec VPN, and intrusion prevention with advanced
acceleration technologies, delivering a high-performance security platform for
multi-Gbps environments.
Industry-leading firewall
VPN/firewall protection secures hundreds of
applications and protocols including VoIP,
instant messaging (IM), and peer-to-peer (P2P)
applications
VPN (site-to-site, remote
access)
Feature-rich, easy-to-configure IPSec and
SSL VPNs*
Centralized, multi-site
management
Streamlines policy management for all sites via
single console
Intrusion prevention
system (IPS)
Advanced IPS with both signature- and
protocol-anomaly-based detection
High availability, load
balancing, and dynamic
routing
Reliability for critical applications and sites
Web application
security*
Protection against Web attacks such as buffer
overflow, SQL injection and cross-site scripting
Web filtering*
Best-of-breed Web filtering protects against
threats such as spyware, viruses, and
inappropriate Web content
Messaging security,
including email security
and anti-spam*
Protection against the three major messaging
attack vectors: spam, malware delivered in
messages, and attacks against the messaging
infrastructure
*Available as an optional license.
The NGX platform delivers a unified
security architecture for Check Point.
Power-1 Appliances
Security for High-Performance
Environments
Proven application control
Power-1 appliances include technology from VPN-1®, the
most proven VPN/firewall available. They can examine hundreds of applications, protocols, and services out of the box.
As new applications and network-layer threats appear, Power-1
appliances can be updated to add more security features.
Integrated intrusion prevention
The integrated SmartDefense IPS utilizes signature- and
protocol-anomaly-based intrusion prevention to protect
business-critical services like FTP, HTTP, and VoIP from
known and unknown attacks. Similarly, Power-1 can control
policy for applications such as IM and P2P. Additionally, Web
Intelligence™ Web application security can be added to block
attacks such as buffer overflows, SQL injection, and crosssite scripting.
SmartDefense intrusion prevention stops attacks against
advanced applications such as SIP-based VoIP.
SmartDefense Services enable you to configure Power-1 into
a preemptive security solution, capable of ensuring your networks are safe from new attacks via ongoing and automatic
defense updates.
Power-1 appliances can also be easily expanded to add
optional security features such as antivirus, anti-spyware
and anti-spam protections.
Advanced acceleration technologies
To ensure a high service level for business applications,
Power-1 appliances include software-based acceleration
technologies. These technologies accelerate network-layer
functions, such as firewall access control, and applicationlayer functions, such as intrusion prevention. Power-1
appliances currently deliver firewall throughput of up to
14 Gbps and intrusion prevention throughput of up to
6.1 Gbps. The key to achieving these numbers is the combination of patented Check Point acceleration technologies
and the underlying state-of-the-art hardware designed
for performance:
• CoreXL™ multi-core acceleration is the first security
technology designed to fully leverage multi-core
processors. It does this by sharing security inspection
duties throughout all cores
• SecureXL™ security acceleration accelerates security
inspection by removing the latency introduced as network
traffic passes through a security device
• ClusterXL™ enables near-linear performance increases by
clustering together multiple systems running VPN-1
These three technologies work together to fully accelerate
security inspection along a unified path that ensures both high
performance and high security.
Integrated Smartdefense
Intrusion Prevention
SmartDefense performance improves with patented security
acceleration technologies from Check Point.
Data center reliability
Power-1 includes technologies to ensure availability of services and applications. Multiple Power-1 appliances can be
clustered together to improve performance as well as provide
a high level of resilience. Each appliance has integrated
dynamic routing to increase reliability of connections.
Power-1 appliances also include integrated Quality of Service
(QoS). Applications or users can be given priority to ensure
proper performance. For example, multimedia applications
can be prioritized over non-time-sensitive applications such
as email.
Powerful site-to-site connectivity
Power-1 appliances can be linked to form advanced virtual
networks through IPSec VPNs. Manual setup of VPN tunnels
is replaced by a One-Click process, where new sites are
added automatically. These VPNs can include other Check
Point solutions or can be linked to third-party solutions to
simplify the transition to your Check Point infrastructure.
Secure, flexible remote access
Power-1 appliances can connect employees and business
partners to your trusted network through flexible remote access,
working seamlessly with a variety of Check Point VPN
Security for high-performance environments
clients. For on-demand access, Power-1 appliances can be
extended with optional licenses for SSL VPN remote access.
Single management console
Power-1 is managed from the Check Point SmartCenter™
management server, enabling you to centrally manage
security policy for all sites with a single management console.
Using this unified management, you can define a cohesive,
comprehensive security policy for a distributed architecture
across your entire environment. For auditing purposes, all
logs can be centrally viewed in a single interface.
Single console for multi-site
management of all security functions
power-1 SECURITY SPECIFICATIONS
Protection Details
Firewall
Protocol/application support
VoIP protection
Instant Messaging control
Peer-to-peer blocking
Network Address Translation
IPSec VPN
Encryption support
Authentication methods
Certificate authority
VPN communities
Topology support
Route-based VPN
VPN agent
SSL VPN
SSL-based remote access
SSL-based endpoint scanning
Intrusion prevention
Network-layer protection
Application-layer protection
Detection methods
Networking
Dynamic routing support
DHCP support
ISP redundancy
Performance and availability
High availability
Load balancing
Quality of Service
ISP redundancy
Traffic acceleration
Multi-core acceleration
puresecurity™
Secures more than 200 applications and protocols
SIP, H.323, MGCP, and SIP with NAT support
MSN, Yahoo, ICQ, and Skype (including over HTTP and SSL)
Kazaa, Gnutella, BitTorrent, eMule, IRC (including over HTTP)
Static/hide NAT support with manual or automatic rules
AES 128–256 bit, 3DES 56–168 bit
Password, RADIUS, TACACS, X.509, SecurID
Integrated X.509 certificate authority
Automatically sets up site-to-site connections when objects are created
Star and mesh
Utilizes virtual tunnel interfaces, numbered/unnumbered interfaces
Check Point Endpoint Security™, VPN-1 SecureClient™, VPN-1 SecuRemote®
Fully integrated SSL VPN gateway provides on-demand SSL-based remote access
Scans endpoint for compliance/malware prior to admission to the network
Blocks attacks such as DoS, port scanning, IP/ICMP/TCP-related
Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands, and more
Signature- and protocol-anomaly based
OSPF, BGP, RIP v1 and 2, Multicast: PIM-SM, PIM-DM, DVMRP
SecurePlatform™ DHCP server and relay
Protocol-based, source/destination, and port route decisions
Active/passive and active/active
Integrated ClusterXL® smart load balancing
FloodGate-1® for granular QoS
Automatically reroutes traffic to second interface
SecureXL™ accelerates security decisions
™
CoreXL balances security decisions across multiple cores
power-1 appliance SPECIFICATIONS
Power-1 5070
NGX R65 Power
Power-1 9070
NGX R65 Power
Firewall throughput
9.0 Gbps
14.0 Gbps
VPN throughput
2.4 Gbps
3.7 Gbps
Concurrent sessions
Users supported
VLANs
Intrusion prevention
Storage capacity
Physical Specifications
Enclosure
Dimensions (standard)
Dimensions (metric)
1.1 Million
Unlimited
256
4.5 Gbps
160 GB
1.1 Million
Unlimited
256
6.1 Gbps
2 x 160 GB
Software edition
Weight
GbE (10/100/1000) interfaces
10 GbE interfaces
NIC options
Management/sync ports
Dual, hot-swappable power supplies
Removable hard drives
Operating environment range
Power input
Power consumption
Compliance
2U
2U
17 x 20 x 3.46 in.
17 x 20 x 3.46 in.
431 x 509.5 x 88mm
431 x 509.5 x 88mm
14.5 kg
16.5 kg
31.9 lbs
36.3 lbs
8 + 4 optional
12 + 4 optional
2 optional
4 optional
4 x 1 GbE copper, SR fiber (single mode)
4 x 1 GbE copper, SR fiber (single mode)
4 x 10 GbE SR/LR fiber (single mode)
4 x 10 GbE SR/LR fiber (single mode)
2
2
Yes
Yes
1
2 (hot swappable)
Temperature: 5° to 40° C, Humidity: 10%-85% non-condensing, Altitude: 2,500m
100 ~ 240V; 50 ~ 60Hz
100 ~ 240V; 50 ~ 60Hz
250W (max.)
400W (max.)
UL 60950; FCC Part 15, Subpart B, Class A; EN 55024; EN 55022; VCCI V-3AS/NZS 3548:1995;
CNS 13438 Class A (test passed; country approval pending); KN22KN61000-4 Series, TTA;
IC-950; ROHS
Notes:
• Intrusion prevention throughput is tested using a blend of traffic similar to that seen on Internet routers.
• Spare parts, lights-out management, and NIC modules (line cards) available
contact check point
Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: info@checkpoint.com
U.S. Headquarters
800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Endpoint Security On
Demand, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement,
Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer,
FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open
Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, PureAdvantage, PURE Security, the puresecurity logo,
Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard,
Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense,
SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP
On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1
Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1
SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm
Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd.
or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The
products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents,
foreign patents, or pending applications.
April 15, 2008 P/N 502885
Open as PDF
Similar pages