Network security basics: A Buyer's Guide
A collection of articles that takes you from defining technology needs to purchasing options
Editor's Note: This Check Point NGFW product overview is part of a series on buying network security products for the enterprise. The series explores the evolution of network security and lays out some major use cases. It also looks at the buying criteria for network security products, and compares the leading network security vendors in the market.
Check Point Software Technologies Ltd. offers multiple appliance-based and virtualized NGFW products to meet the needs of most enterprises. Check Point NGFW products include identity awareness features that track and restrict access to sensitive information that are accessed by users, groups of users and even specific devices. The company also operates an application identity database that intelligently identifies 6,600 Web 2.0 applications and 260,000 social networking widgets. This allows administrators to create very granular controls around Web tools to implement better data loss prevention.
NGFW platform options
The Check Point NGFW portfolio has both physical and virtual appliance options. Additionally, customers can choose to purchase an NGFW hardware and software bundle, which allows them to upgrade their firewalls to virtual environments if they desire. The virtual appliances offer mimic capabilities found in the hardware appliance versions. Let's take a look at a few options.
1100 series appliances
Check Point's entry-level 1100 series provides a maximum of 100 Mbps of Layer 7 firewall, IPS throughput -- 50 Mbps with threat prevention enabled. It supports up to 5,000 concurrent connections and is equipped with 10/100/1000 Mbps Ethernet ports. The 1100 series within the Check Point NGFW family is tailored to small offices or remote sites with a maximum of 50 users.
12000 series appliances
The 12000 midrange series appliances consist of the 12200, 12400 and 12600 models. These firewalls are designed for large corporate offices and campuses. The top of the line 12000 delivers just over 3.5 Gbps of firewall, IPS and threat prevention throughput using recommended production settings. The highest performing model -- the 12600 -- can process up to 130,000 connections per second. Connectivity options range from 10/100/1000 Mbps copper to 1000Base-F SFP ports and even 10Base-F SFP ports.
61000 series appliances
The highest-end Check Point NGFW available is the 61000 series. These blade-chassis firewall systems were primarily designed for large data centers and service providers. Because the firewall can be fitted with several different blade options, connectivity is highly flexible. A fully loaded 61000 series appliance delivers up to 70 Gbps of firewall, IPS and threat prevention throughput using recommended production settings. The firewall can process up to 3 million connections per second.
Pricing and support
Enterprise-class Check Point NGFW hardware and software must be purchased through a Check Point partner, which determines final pricing. List prices for Check Point firewalls begin at under $1,000 and can exceed $1 million for a loaded 61000 chassis, including software licensing and support.
Support is offered either by Check Point or authorized independent agents. Both offer multiple service agreements and access to dedicated response, equipment replacement and knowledge bases. Access to updated software and bug fixes are standard for all support tiers.
Integrate an NGFW into your existing security architecture.
Finding clarity with NGFWs