Solution Sheet
Crossbeam® Virtualized Security Services
Enabling Highly Efficient Infrastructure Utilization
CUSTOMER NEEDS, BUSINESS AND OPERATIONAL IMPACTS
Increasingly, a comprehensive security policy mandates the need for enterprises to
deploy firewalls both as traditional perimeter security and also within the enterprise
network itself. And in some cases compliance regulations make it a requirement. But
implementing IPS technology requires enterprises to deploy racks of FW appliances
and network switching gear. The result is huge increases in network segmentation,
increased network and security services complexity and skyrocketing operations cost.
The resulting “security appliance sprawl” is driving the need for a simpler and more
effective security services deployment – the Crossbeam Virtual Security Services
BENEFITS
Anticipates Future
Risks – Future-proofed
virtualization platform
that can address yet
unknown security
threats & compliance
requirements.
(VSS) Solution. This VSS solution represents the virtualization of the latest FW and
IPS technologies – it blends both sophisticated application-aware firewalls with IPS in
Preserves Application
a virtualized methodology that breaks barriers in terms of cost savings and
Choice – Permits
consolidation.
choice and application
flexibility without
Yet no single vendor has best-of-breed application offerings in both FW and IPS. This
alone limits the potential for effective convergence. Furthermore, the scaling needs of
each technology are different and generate multi-dimensional requirements for the
underlying hardware platform.
THE SOLUTION ARCHITECTURE
compromising tight
integration. Platform is
highly adaptable to
accommodate future
threats.
Check Point VPN-1 ® Power VSX™ deployed on the Crossbeam X-Series security
Reduces Complexity –
services platform is a fully virtualized security gateway that enables the creation of up
Massive consolidation,
to 250 virtual systems – firewall, VPN, and intrusion prevention, all on a single highly
from load balancers,
resilient, scalable chassis. Each virtual system represents a unique routing and
switches, and security
security domain, with its own security and VPN policy, configuration parameters,
appliances – enables
interfaces and links, and secure internal communication certificate. The Crossbeam X-
significantly lower TCO
Series platform provides carrier class resiliency and performance, completely
and compelling ROI.
redundant hardware modules, switching fabrics, and control plane in a chassis that
scales up to 40Gbps of throughput performance*. This solution has been jointly tested
and validated by Crossbeam and Check Point.
THE CROSSBEAM SOLUTION: DIFFERENTIATED VALUE
Delivers High
Performance Security
– Up to 40Gbps of
processing and
throughput capability,
This virtualized security solution consolidates various hardware, networking, and
application processing elements, while providing completely isolated, independent
virtual security devices. The result is highly efficient utilization of infrastructure and
centralization of management and security policy control – all combining to
significantly reduce security deployment costs and management complexity.
fully 10GE enabled,
supports hundreds of
virtualized entities and
thousands of users,
guaranteeing multigigabit service
delivery*.
Solution Sheet
COMPONENTS OF THE NEXT GENERATION FIREWALL
Crossbeam® X-Series platform uses a patent-pending system architecture that consists of the chassis
(X40, X45, X80) and three hardened components – Network Processor Module (NPM), Control Processor
Module (CPM), and Application Processor Module (APM) – resulting in the industry’s most highly available,
reliable, and best performing next generation security platform. Crossbeam’s patented XOS™ operating
system forms the basis for integrating Check Point’s virtualized firewall into the Crossbeam platform.
SOLUTION TECHNICAL SPECIFICATIONS
CHASSIS (MODULE SUPPORT)
X45
up to 2 NPM, 3 APM, 2 CPM
X80
up to 4 NPM, 8 APM, 2 CPM
X40
up to 2 NPM, 10 APM, 2 CPM
SIZING GUIDELINES*
Virtual Systems (VS)
250 maximum/150 typical
Rules per VS
50 average
*Performance and capacity are measured under ideal testing conditions unless otherwise noted. Actual results may vary based on release and by deployment.
CHECK POINT VIRTUAL SECURITY FEATURES AND FUNCTIONS
Dynamic Routing per VS/VR
Single IP address for management
Virtual system wizard
VSX gateway reconfigure option
QoS support
ClusterXL synchronization
Virtualized URL filtering
Rapid provisioning using creation templates
Transparency - bridge mode for virtual systems
VOIP enhancements for securing MGCP traffic
CPU resource allocation per VS
VS load sharing
Client/Session Authentication
CHECK POINT ATTACK PROTECTION CAPABILITIES
Denial of service
IP and ICMP
UDP protocol enforcement
Anti-Spoofing
DNS cache poisoning defenses
VPN
Block IKE aggressive exchange
Content inspection
MS-SQL
SUN-RPC
Malicious code
MGCP service
IGMP Protections
TCP, FTP
Dynamic ports
Microsoft Networks
SIP advanced features
Resource records enforcement
Web intelligence
MS-RPC
SOCKS
DHCP
HTTP protocol inspection
Skinny Client Control Protocol (SCCP)
www.crossbeamsystems.com
Corporate Headquarters
80 Central Street
Boxborough, MA 01719 USA
p: [+1] 978-318-7500
f: [+1] 978-287-4210
Crossbeam, Crossbeam Systems, any logos associated therewith are trademarks or registered trademarks of Crossbeam Systems, Inc., in the U.S. Patent and
Trademark Office, and several international jurisdictions. All other company, product or service names not owned by Crossbeam mentioned in this document are the
property of their respective owners.
SS VSS 022708