Acceleration and Clustering
Software
Blade
Overview
The Check Point Acceleration and Clustering Software Blade delivers a set of advanced technologies, SecureXL and ClusterXL, that work together to maximize performance and security in high-performance environments. These work with CoreXL, which is included with the blade containers, to form the foundation of the Open Performance Architecture, which delivers throughput designed for data center applications and the high levels of security needed to protect against today’s application-level threats.
SecureXL: Security acceleration
Patented SecureXL is a technology interface that accelerates multiple, intensive security operations, including operations that are carried out by Check Point’s Stateful Inspection firewall. Using SecureXL, the firewall offloads operations to a performance-optimized software or hardware device, dramatically increasing throughput.CoreXL: Multicore acceleration
As the first security technology to fully leverage general-purpose multi-core processors, CoreXL introduces advanced core-level load balancing that increases throughput for the deep inspection required to achieve intrusion prevention and high throughput on the firewall. With CoreXL, high performance and high security can be achieved simultaneously.ClusterXL: Smart Load Balancing
ClusterXL provides high availability and load sharing that keeps businesses running without interruption. ClusterXL distributes traffic between clusters of redundant gateways, combining the computing capacity of multiple machines to increase total throughput. In the event of a gateway or network failure, connections are seamlessly redirected to a designated backup, maintaining business continuity.
Key Benefits
- Enables organizations to deploy the highest levels of application security at the highest-performance levels without compromise
- Delivers predictable performance as new threats appear
- Accelerates performance for multimedia or transaction-oriented applications
- Transparent failover for business continuity
- Effective load distribution that scales at the processor and system level
- Easy Software Blade deployment
Features
Security acceleration
SecureXL™, Check Point‘s patented security acceleration technology, removes latency associated with intense security processing by creating a special device layer that can make security decisions earlier. In both servers and dedicated appliances, performance is affected negatively by memory, system-bus, and CPU speed as traffic passes through a system. By creating a SecureXL device layer, the Check Point Security Gateway enables security decisions to be made at a lower application level to remove performance bottlenecks.
After the start of a transaction, if a packet is examined using traditional security methods and is determined to be safe, the SecureXL device layer takes over responsibility for examining any remaining packets—cutting out latency caused by hardware design. SecureXL can be implemented at both a hardware layer using network processors, as is done on some “Secured by Check Point” partner appliances, or at a virtualized software layer on open servers.
Multi-core CPU support
Multi-core CPU support enables Check Point Security Gateways to share traffic among cores of a single system, providing superior price/performance on a single server. The combination of multi-core CPUs and multi-threaded SecureXL security application technology is the foundation for the next generation of security acceleration—application-layer security. By joining a multi-core CPU with SecureXL security acceleration, Check Point Security Gateways can deliver more than 15 Gbps of intrusion prevention throughput.
Gateway clustering
To provide acceleration as well as enhanced reliability, organizations can use ClusterXL to cluster multiple VPN-1 security gateways to improve performance. ClusterXL combines stateful failover of security functions with the ability to dynamically share traffic loads among multiple gateways. This enables near-linear scalability for large deployments without the cost of separate load-balancing equipment.
Scales as new protections are added
Because Check Point security gateways are software-based solutions, it is possible for organizations to quickly take advantage of open-system hardware improvements such as multi-core CPUs or improved memory or bus speeds. By avoiding closed architectures—like those found in specialized security hardware that rely on ASICs, which cannot adapt to new threats for performance acceleration—Check Point Security Gateways enable you to maintain security against evolving threats without compromising on performance.
Specifications
| Feature | Details |
|---|---|
| SecureXL firewall product support (Performance Pack)* | Access control, encryption, NAT, accounting and logging, connection/session rate, general security checks, IPS features, CIFs resources, TCP sequence verification, dynamic VPN |
| Connection templates | Connection acceleration |
| Drop templates | Optimizes resources |
| High Availability modes supported | Active/Passive and Active/Active |
| Active/Active modes supported | Multicast and Unicast |
| Cluster Control Protocol port | UDP 8116 |
| State synchronization | Supports ClusterXL and OPSEC third party HA solutions |
| Sticky decision function | Ensures asynchronous connection support |
| WAN synchronization | Supported on synch networks with less then 100 ms latency |
| Duration limited synchronization | Preserves resources from synchronizing connections of short durations |
| Sync members supported | Up to 5 members |
| VLAN support | Yes |
| ClusterXL firewall product support* | Authentication/security servers, ACE servers and SecurID, IPS, sequence verifier, UDP encapsulation, SAM, ISP redundancy, Third party VPN peers, IP per user in Office Mode |
| Anti-spoofing support | Prevent spoofing of internal networks |
| ClusterXL API | Check Point and 3rd party ClusterXL status support |
| Critical device configuration | Interfaces, synchronization status, firewall policy status, ClusterXL process status, and firewall process status |
| Full ClusterXL management and status monitoring | Included in Check Point management blades |
*See the Release Notes and User Guide for specific details
Support
Threats to networks are constantly evolving and becoming more sophisticated. To maintain continuity and productivity, defenses must advance as quickly to deliver the technology and features that protect the business. Check Point Services protect against emerging threats with critical hot software fixes, service packs, and major software upgrades.
Benefits
- Ensure continuous security with access to critical hot fixes and service packs
- Maximize ROI and investment with access to major upgrades and enhancements
- Increase security with the latest applications, features, and technologies
Next Steps
- Find a Partner
- Call US sales: 1-866-488-6691
- Contact Us Online
Resources
Check Point Software Blade Architecture Brochure- Software Blades Demo
- Software Blade Architecture White Paper
Software Blades
Security Gateway Software Blades