Friday, October 28, 2011

Impressive demo of 61000 in Paris

Tuesday this week I was lucky to attend Check Point road show dedicated to the new 61000 series appliance.



I has been genuinely impressed by the box.

New chassis are designed and manufactured in Israel by a company which name is not disclosed. Chassis includes 2 Security Switch Module (SSM) blades and up to 12 SGM blades - Security Gateway Modules. Each SGM is equivalent to 11000 series appliance.

Chassis has 3 power supplies and two management modules. Two chassis can run in an HA cluster.

It does not matter how many SGMs you have in your system, one or twelve. You define just one gateway object in SmartDashboard for the whole chassis.

If you start with a couple of blades, you do not need to change configuration to add more. Just plug in your new SGM, and it will be automatically populated and added to the system to share the load with others.

Performance ability is just amazing. We have performed live stress tests with for Spirent Avalanche boxes:



We could barely reach around 50% CPU usage with firewall rules, logs and IPS set to recommended protections. Spirent was not powerful enough to push the box further!!!

Load sharing on this chassis is another great thing. SSM shares the load between SGMs by creating flows. Each flow is defined by IP addresses and/or SPIs. Service ports can be added to this logic, if required. There is a new technology, SyncXL to provide redundancy between SGMs in case of failure.

Once more, from management perspective this is not a cluster. Sync and load sharing are all taken care by the appliance internally. Sync communications are performed on chassis backbone, no user intervention is required to configure it.

There are some limitations, like VSX not being supported for the moment. But guys, even considering all downsides, this is most probably the best and most performant security appliance in the world.

Well done, Check Point, really well done!

3 comments:

  1. Just wondering,what was the maximum throughput ?

    ReplyDelete
  2. It was around 40-45 Gbps of special Spirent traffic blend with recommended IPS profile enabled.

    Spirent just cannot push it harder.

    ReplyDelete