Check Point To Roll Out New VPN-1 Software

There's a huge demand in organizations for real-time bandwidth to power VoIP and transaction-oriented applications, but firewalls and threats disguised as legitimate traffic can drain bandwidth, said Bill Jensen, product marketing manager at Israel-based Check Point, which has U.S. offices in Redwood City, Calif.

In the new VPN-1 release, Check Point has bumped up firewall throughput from 10 gigabits per second (gbps) to 12 gigabits and doubled IPS speeds from 2.5 gbps to 5 gbps, Jensen said.

"This will let organizations gain protection in terms of application intelligence and deep packet inspection, which they've been afraid to turn on in the past for performance reasons," he said.

Aware that companies don't like upgrading their network infrastructure because of the headaches involved, Check Point has introduced a new plug-in architecture that lets businesses add security management features in a piecemeal fashion, Jensen said.

id
unit-1659132512259
type
Sponsored post

"Depending on the extent of the changes, customers may have no downtime," he said.

The new VPN-1 release includes a plug-in that handles security policy management, which was previously configured through a Web interface to Check Point's Connectra Web security gateway, according to Jensen.

Check Point also is bringing its VPN-1 gateway into its Integrity NAC solution, which had previously worked only in NAC deployments with 802.1x-based switches, Jensen noted.

The new VPN-1 release works together with Integrity to ensure that endpoints are in compliance with antivirus, patch level and policy requirements, Jensen said.

Check Point is also leveraging Intel's VPro technology, which the chip maker is building into new CPUs and network interface cards for remote management, to provide post-admission NAC functions, according to Jensen.

Through the application intelligence built into VPN-1, the software can detect malicious activity that goes against policy, shut off the NIC and quarantine the PC to where it's at in the network, Jensen said.