Allan Zeidler wrote:
Hi,
There is a lot improvement on Check Point R70. First of all, it has a new
architecture. The Smartdefense is gone, it was replaced with IPS Blade (and
not IPS-1!!!). There is Huge difference. IPS Blade has been written from the
scratch.
The new architecture is called Software Blades. You have the option to use
(and buy) only that blades that applies to you, just checking the checkbox
on the Smartcenter object (Smartcenter is not called Smartcenter, it is now
Security Management Server instead).
Same stuff, new licensing model. Nothing new under the sun.
The IPS now has more than 2.000 protections just out of the box, and will
keep it updated as fast as they can (following the MS Bulletin for example).
The new architecture reaches up to 3.3Gbps (I saw!) of througput with 99.5%
of all protections enabled, does not matter how many rules there is on your
rulebase. The signatures and behavior configuration are more granular, it is
possible to do a lot of things, like capture the packets and see exactly
what passed on the wire. Now you can create exceptions!
With the IPS blade enabled, Check Point did in paris ~ 2.2Gbps on a
Power-1 9070. Smaller boxes crumble under the load.
Real life: UTM-1 570 is rated at 1.1Gbps in the datasheet. With
Antivirus/Antispam/URL filtering enabled on the box it reaches 100% CPU
utilization at around 10-14Mbps.
Another good thing talking about IPS is that now you have a lot of reporting
tools. There is a basic Eventia license just to use to IPS reports. It is
cool.
The CoreXL is now fully integrated. The performance has been increased by
63% with Default IPS enable and 22x with full IPS enabled. The new
architecture uses the CPU core in a much intelligent way, separating the
processes for each core.
Can you stop quoting from the datasheet ? People are asking for real
life specs, not datasheet stuff.
Uhmmm...actually I didn't upgrade any customer but we are planning to. The
actual licensing will be unsupported on 2010 which will be need to use the
new license mode to purchase the products. The license now depends on the
Cores and the Blades used. There is a lot blades available to use, but there
are some products which is not blade yet, like Connectra.
Bye,
-
Allan Klaus
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
