Power-1 Appliances
Security for high-performance environments
Check Point Power-1™ appliances enable organizations to maximize security
in high-performance environments such as large campuses or data centers.
They combine firewall, IPSec VPN, and intrusion prevention with advanced
acceleration technologies, delivering a high-performance security platform for
multi-Gbps environments.
VPN/firewall protection secures hundreds of
Industry-leading firewall
applications and protocols including VoIP,
instant messaging (IM), and peer-to-peer (P2P)
applications
Network Security
Check Point network security
solutions are the marketleading choice for securing the
network infrastructure.
KEY BENEFITS
n
Delivers gateway throughput up to
14 Gbps and intrusion prevention
throughput up to 6.1 Gbps
n
Streamlines deployment of enterprise
security with a hardware/software
solution from a single vendor
n
Centrally manages security
policy for all sites with a single
management console
n
Protects against emerging threats
with SmartDefense™ Services
subscription
n
Offers additional UTM capabilities
as options
VPN (site-to-site, remote
access)
Centralized, multisite
management
Intrusion prevention
system (IPS)
High availability, load
balancing, and dynamic
routing
Web application
security*
Web filtering*
Messaging security,
including email security
and anti-spam*
*Available as an optional license.
Feature-rich, easy-to-configure IPSec and
SSL VPNs*
Streamlines policy management for all sites via
single console
Advanced IPS with both signature- and
protocol-anomaly-based detection
Reliability for critical applications and sites
Protection against Web attacks such as buffer
overflow, SQL injection and cross-site scripting
Best-of-breed Web filtering protects against
threats such as spyware, viruses, and
inappropriate Web content
Protection against the three major messaging
attack vectors: spam, malware delivered in
messages, and attacks against the messaging
infrastructure
The NGX platform delivers a unified
security architecture for Check Point.
Power-1 Appliances
puresecurity
™
SECURITY FOR HIGH-PERFORMANCE
ENVIRONMENTS
Proven application control
Power-1 appliances include technology from VPN-1®, the
most proven VPN/firewall available. They can examine hundreds of applications, protocols, and services out of the box.
As new applications and network-layer threats appear, Power-1
appliances can be updated to add more security features.
Integrated intrusion prevention
The integrated SmartDefense IPS utilizes signature- and
protocol-anomaly-based intrusion prevention to protect
business-critical services like FTP, HTTP, and VoIP from
known and unknown attacks. Similarly, Power-1 can control
policy for applications such as IM and P2P. Additionally, Web
Intelligence™ Web application security can be added to block
attacks such as buffer overflows, SQL injection, and crosssite scripting.
• SecureXL™ security acceleration accelerates security
inspection by removing the latency introduced as network
traffic passes through a security device
• ClusterXL™ enables near-linear performance increases by
clustering together multiple systems running VPN-1
These three technologies work together to fully accelerate
security inspection along a unified path that ensures both high
performance and high security.
INTEGRATED SMARTDEFENSE
INTRUSION PREVENTION
SmartDefense intrusion prevention stops attacks against
advanced applications such as SIP-based VoIP.
SmartDefense Services enable you to configure Power-1 into
a preemptive security solution, capable of ensuring your networks are safe from new attacks via ongoing and automatic
defense updates.
Power-1 appliances can also be easily expanded to add
optional security features such as antivirus, anti-spyware
and anti-spam protections.
Advanced acceleration technologies
To ensure a high service level for business applications,
Power-1 appliances include software-based acceleration
technologies. These technologies accelerate network-layer
functions, such as firewall access control, and applicationlayer functions, such as intrusion prevention. Power-1
appliances currently deliver firewall throughput of up to
14 Gbps and intrusion prevention throughput of up to
6.1 Gbps. The key to achieving these numbers is the combination of patented Check Point acceleration technologies
and the underlying state-of-the-art hardware designed
for performance:
• CoreXL™ multi-core acceleration is the first security
technology designed to fully leverage multi-core
processors. It does this by sharing security inspection
duties throughout all cores
SmartDefense performance improves with patented security
acceleration technologies from Check Point.
Data center reliability
Power-1 includes technologies to ensure availability of services and applications. Multiple Power-1 appliances can be
clustered together to improve performance as well as provide
a high level of resilience. Each appliance has integrated
dynamic routing to increase reliability of connections.
Power-1 appliances also include integrated Quality of Service
(QoS). Applications or users can be given priority to ensure
proper performance. For example, multimedia applications
can be prioritized over non-time-sensitive applications such
as email.
Powerful site-to-site connectivity
Power-1 appliances can be linked to form advanced virtual
networks through IPSec VPNs. Manual setup of VPN tunnels
is replaced by a One-Click process, where new sites are
added automatically. These VPNs can include other Check
Point solutions or can be linked to third-party solutions to
simplify the transition to your Check Point infrastructure.
Secure, flexible remote access
Power-1 appliances can connect employees and business
partners to your trusted network through flexible remote access,
working seamlessly with a variety of Check Point VPN
puresecurity
™
clients. For on-demand access, Power-1 appliances can be
extended with optional licenses for SSL VPN remote access.
Single management console
Power-1 is managed from the Check Point SmartCenter™
management server, enabling you to centrally manage
security policy for all sites with a single management console.
Using this unified management, you can define a cohesive,
comprehensive security policy for a distributed architecture
across your entire environment. For auditing purposes, all
logs can be centrally viewed in a single interface.
SUPPORT OPTIONS
Check Point offers many technical support options for
customers. These range from the Standard support plan
that provides telephone assistance during normal business
hours with next-day shipment of replacement appliances,
to the Premium support plan providing 24/7 assistance with
same-day replacement shipment, up to the Premium+4H plan
that provides a qualified engineer on-site within four hours to
solve any appliance-related issues. For more information on
these or other service and support offerings available in your
geography, please contact your Check Point representative or
visit the Support section of the Check Point Web site.
Security for high-performance environments
Single console for multisite management
of all security functions
POWER-1 SECURITY SPECIFICATIONS
Protection Details
Firewall
Protocol/application support Secures more than 200 applications and protocols
VoIP protection SIP, H.323, MGCP, and SIP with NAT support
Instant Messaging control MSN, Yahoo, ICQ, and Skype (including over HTTP and SSL)
Peer-to-peer blocking Kazaa, Gnutella, BitTorrent, eMule, IRC (including over HTTP)
Network Address Translation Static/hide NAT support with manual or automatic rules
IPSec VPN
Encryption support AES 128–256 bit, 3DES 56–168 bit
Authentication methods Password, RADIUS, TACACS, X.509, SecurID
Certificate authority Integrated X.509 certificate authority
VPN communities Automatically sets up site-to-site connections when objects are created
Topology support Star and mesh
Route-based VPN Utilizes virtual tunnel interfaces, numbered/unnumbered interfaces
VPN agent Check Point Endpoint Security™, VPN-1 SecureClient™, VPN-1 SecuRemote
SSL VPN
SSL-based remote access Fully integrated SSL VPN gateway provides on-demand SSL-based remote access
SSL-based endpoint scanning Scans endpoint for compliance/malware prior to admission to the network
Intrusion prevention
Network-layer protection Blocks attacks such as DoS, port scanning, IP/ICMP/TCP-related
Application-layer protection Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands, and more
Detection methods Signature- and protocol-anomaly based
Networking
Dynamic routing support OSPF, BGP, RIP v1 and 2, Multicast: PIM-SM, PIM-DM, DVMRP
DHCP support SecurePlatform™ DHCP server and relay
ISP redundancy Protocol-based, source/destination, and port route decisions
Performance and availability
High availability Active/passive and active/active
Load balancing Integrated ClusterXL® smart load balancing
Quality of Service FloodGate-1® for granular QoS
ISP redundancy Automatically reroutes traffic to second interface
Traffic acceleration SecureXL™ accelerates security decisions
Multi-core acceleration CoreXL™ balances security decisions across multiple cores
®
puresecurity
™
POWER-1 APPLIANCE SPECIFICATIONS
Power-1 5070 Power-1 9070
Software edition NGX R65 Power NGX R65 Power
Firewall throughput 9.0 Gbps 14.0 Gbps
VPN throughput 2.4 Gbps 3.7 Gbps
Concurrent sessions 1.1 Million 1.1 Million
Users supported Unlimited Unlimited
VLANs 256 256
Intrusion prevention 4.5 Gbps 6.1 Gbps
Storage capacity 160 GB 2 x 160 GB
Physical Specifications
Enclosure 2U 2U
Dimensions (standard) 17 x 20 x 3.46 in. 17 x 20 x 3.46 in.
Dimensions (metric) 431 x 509.5 x 88mm 431 x 509.5 x 88mm
Weight
14.5 kg
31.9 lbs
GbE (10/100/1000) interfaces 8 + 4 optional 12 + 4 optional
10 GbE interfaces 2 optional 4 optional
NIC options
4 x 1 GbE copper, SR fiber (single mode)
2 x 10 GbE SR/LR fiber (single mode)
4 x 1 GbE copper, SR fiber (single mode)
2 x 10 GbE SR/LR fiber (single mode)
Management/sync ports 2 2
Dual, hot-swappable power supplies Yes Ye s
Removable hard drives 1 2 (hot swappable)
Operating environment range Temperature: 5° to 40° C, Humidity: 10%-85% non-condensing, Altitude: 2,500m
Power input 100 ~ 240V; 50 ~ 60Hz 100 ~ 240V; 50 ~ 60Hz
Power consumption 250W (max.) 400W (max.)
UL 60950; FCC Part 15, Subpart B, Class A; EN 55024; EN 55022; VCCI V-3AS/NZS 3548:1995;
Compliance
CNS 13438 Class A (test passed; country approval pending); KN22KN61000-4 Series, TTA;
IC-950; ROHS
Notes:
• IntrusionpreventionthroughputistestedusingablendoftrafficsimilartothatseenonInternetrouters
• Spareparts,lights-outmanagement,andNICmodules(linecards)available
• AllPower-1modelscomewitha3-yearhardwarewarranty
16.5 kg
36.3 lbs
Worldwide Headquarters
CONTACT CHECK POINT
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Endpoint Security On Demand,
Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative
Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1,
Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security
Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management,Power-1, Provider-1, PureAdvantage, PURE Security, the puresecurity logo,
Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard,
Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense,
SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP
On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1
Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1
SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm
Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd.
or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The
products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents,
foreign patents, or pending applications.
April 24, 2008 P/N 502902
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: info@checkpoint.com
U.S. Headquarters
800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
Loading...