CheckPoint SP-5500 Firewall Evaluation

CheckPoint i-security SP-5500 Standard 3 Gigabit Ethernet port, the network can be extended to 12 when the application needs, there is a series of control port. In addition, this product adopts redundant power supply design, which increases the operation stability and maintainability of the platform. I-security's hardware acceleration device uses the security optimization chip and the burden Load engine technology (TOE) application, shares the CPU most of the bottom detection load, causes the CPU processing ability to apply more in the high level detection, in encounters the Dos attack the case, also does not affect the firewall the performance.

At present, more and more based on the application of attacks, hackers often use the firewall opened 80, 443 and other ports, through the use of HTTP direct intrusion into the network, simple packet filtering technology is powerless, which requires the firewall must have the protection based on the application layer. CheckPoint i-security SP-5500 is a stateful detection + application intelligent Firewall, Check point of the application of intelligent technology can be in-depth analysis of data content, to determine whether the communication compliance with the relevant protocol, and the Protocol in accordance with the expected use of data, This can achieve peer-to-peer control, worms and other application layer protection.

For large networks, 7x24 non-stop operation is required, and CheckPoint i-security SP-5500 hard drive and power hot-swappable redundancy keeps the system highly available. Even if there is a hardware or power failure, its redundant configuration can ensure uninterrupted operation of the network. In addition, the unique ISP link backup feature of CheckPoint i-security SP-5500 can connect multiple service provider links on one firewall, and when an ISP link in the network is interrupted by accident, CheckPoint i-security SP-5500 can still use other links to continue to operate, to achieve a comprehensive disaster-tolerant capability.

CheckPoint I-security SP-5500 is based on a standard user interface with a unified management architecture that can be easily integrated with all other standard interface products. It also has a wealth of extensible options: Ethernet card, Gigabit fiber network, VPN Accelerator, network processor, etc., to provide users with a variety of network connectivity and accessories options. CheckPoint i-security SP-5500 integrates the check Point Smartcenter Centralized management module, its user-friendly management interface can be easily large-scale, remote deployment and management.

Product Test

In this performance test, in the case of loading single rule and 100 rules, 100 pairs of bidirectional data flow and 120 second time are used to test respectively. The test results show that in two-way transparent mode, two-way routing mode based on 64, 128, 256, 512, 1024, 1280, 1518 RFC2544 standard package length test process, CheckPoint i-security SP-5500 Firewall throughput Performance overall good, in two-way transparency and routing mode, 64-byte test performance is 65.97%. 128-byte two-way transparent mode test scores are 88.4%, two-way routing mode when the test score is 86.85%, and in both modes, the use of more than 256 bytes of the test throughput can reach 100%. When a single rule is loaded in the NAT one-way routing mode, the 64-byte packet length is used for testing, and the throughput test is 97.68%, and the throughput is 100% when the packet length reaches more than 128 bytes.

In the delay test, the same seven kinds of RFC2544 standard test packet length, when the firewall loaded 100 rules, the online speed of 20%, 40%, 60% in the state of the firewall two-way routing mode delay test. During the test, the CheckPoint i-security SP-5500 Firewall maintained a lower latency, even when the throughput was at line 60%, the average latency for the 1518-byte packet length was only 28.04 microseconds (10-6 seconds).

In the security test, CheckPoint i-security SP-5500 also has a very good performance, for the test selected 18 kinds of attack scan, most can be completely blocked.

Summary

Overall speaking, CheckPoint I-security SP-5500 is a full-featured, excellent performance of the gigabit firewall products. State detection and application of intelligent technology, so that the user's network security can be more in-depth protection. This firewall is suitable for medium and large enterprise network as the core firewall to use.