More than two years have passed since the publication of the article, and the 1400 series models have now been withdrawn from sale. It is time for changes and innovations, which Check Point has tried to deliver in the 1500 series. In this article we look at models for protecting small offices or company branches: we present the technical specifications and delivery features (licensing, management and administration schemes) and touch on new technologies and options.

Lineup


The new SMB models are: 1530, 1550, 1570, 1570R. You can view the products on the Check Point portal page. Logically, we divide them into three groups: an office security gateway with Wi-Fi support (1530, 1550), an office security gateway with Wi-Fi + 4G/LTE support (1570, 1550), and a security gateway for industry (1570R).

Series 1530, 1550


The models have 5 network interfaces for the local network and 1 interface for Internet access, each with a bandwidth of 1 GB. A USB-C console port is also present. The datasheet lists a large number of measured parameters for these models; we focus on the ones that are most important in our opinion.

| Features | 1530 | 1550 |
|---|---|---|
| Maximum number of connections per second | 10,500 | 14,000 |
| Maximum number of concurrent connections | 500,000 | 500,000 |
| Throughput with Firewall + Threat Prevention (Mbps) | 340 | 450 |
| Throughput with Firewall + IPS (Mbps) | 600 | 800 |
| Firewall Bandwidth (Mbps) | 1000 | 1000 |

* Threat Prevention refers to the following running blades: Firewall, Application Control, and IPS.

Models 1530 and 1550 have a number of features:

  • Gaia 80.20 Embedded: the list of options is available in the Check Point SK.
  • A Mobile Access license for 100 concurrent connections comes with the purchase of any of the devices. This feature of the SMB NGFW lineup saves a separate purchase of Mobile Access licenses, which are not included with other series of Check Point models.
  • The security gateway can be managed using the Watch Tower mobile application (described in more detail in our article).

Who the 1530 and 1550 are for: this line suits branch offices of up to 100 people, provides remote connections, and offers various administration methods.

Series 1570, 1590


The higher-end models in the 1500 series lineup have 8 interfaces for local connections, 1 interface for DMZ and 1 interface for the Internet connection (the bandwidth of all ports is 1 GB/s). A USB 3.0 port and a USB-C console port are also available. The models support 4G/LTE modems, and Micro-SD cards are supported to expand the device's internal memory.

Specifications are presented below:

| Features | 1570 | 1590 |
|---|---|---|
| Maximum number of connections per second | 15,750 | 21,000 |
| Maximum number of concurrent connections | 500,000 | 500,000 |
| Threat Prevention Bandwidth (Mbps) | 500 | 660 |
| Throughput with Firewall + IPS (Mbps) | 970 | 1300 |
| Firewall Bandwidth (Mbps) | 2800 | 2800 |

Models 1570 and 1590 have a number of features:

  • Gaia 80.20 Embedded: the list of options is available in the SK.
  • A Mobile Access license for 200 concurrent connections comes with the purchase of any of the devices. This feature of the SMB NGFW lineup saves a separate purchase of Mobile Access licenses, which are not included with other series of Check Point models.
  • The security gateway can be managed using the Watch Tower mobile application (for more details, see our article).

Who the 1570 and 1590 are for: this line suits offices of up to 200 people, provides remote connections, and has the highest performance figures in the SMB family.

For comparison, the figures for the previous models:

| Features | 1470 | 1490 |
|---|---|---|
| Threat Prevention + Firewall Throughput (Mbps) | 500 | 550 |
| Throughput with Firewall + IPS (Mbps) | 625 | 800 |

1570R


The Check Point 1570R NGFW deserves special attention. It is designed specifically for the industrial sector and will be of interest to companies working in transportation, extraction of natural resources (oil, gas, etc.) and manufacturing of various products.

The 1570R is designed with the specifics and conditions of its use in mind:

  • network perimeter security and smart device control;
  • support for ICS/SCADA industrial protocols and a GPS connector;
  • fault tolerance when working in extreme conditions (high/low temperature, precipitation, increased vibration).

| NGFW Specifications | 1570 Rugged |
|---|---|
| Maximum number of connections per second | 13,500 |
| Maximum number of concurrent connections | 500,000 |
| Threat Prevention Bandwidth (Mbps) | 400 |
| Throughput with Firewall + IPS (Mbps) | 700 |
| Firewall Bandwidth (Mbps) | 1900 |
| Operating Conditions | -40ºC ~ 75ºC (-40ºF ~ +167ºF) |
| Strength Certificates | EN/IEC 60529, IEC 60068-2-27 shock, IEC 60068-2-6 vibration |

In addition, we separately highlight a number of features of the 1570R:

  • Gaia 80.20 Embedded: the list of options is available in the SK.
  • A Mobile Access license for 200 concurrent connections comes with the purchase of the device. This feature of the new SMB NGFW lineup saves a separate purchase of Mobile Access licenses, which are not included with other series of Check Point models.
  • The security gateway can be managed using the Watch Tower mobile application (for more details, see our article).
  • Policies/rules are generated automatically for IoT devices when they are connected to your local network. A rule is generated for each smart device and allows only the protocols that it needs for correct operation.

Managing the 1500 series


Having looked at the technical characteristics and capabilities of the new SMB devices, it is worth noting that there are several approaches to their management and administration. The following typical schemes exist:

  1. Local management.

    It is typically used in small businesses that have several offices and no centralized infrastructure management. The advantages are affordable deployment and administration of the NGFW and the ability to interact with devices locally. The disadvantages are restrictions related to Gaia's capabilities: no separation of rules into layers, limited monitoring tools, and no centralized storage of logs.
  2. Centralized management through a dedicated Management Server. This approach is used when an administrator manages several NGFWs, which can be located at different sites. The advantage of this approach is flexibility and control over the general state of the infrastructure, and some Gaia 80.20 Embedded options are available only with this scheme.
  3. Centralized management through Smart-1 Cloud. This is the new Check Point NGFW management scenario. Your Management Server is deployed in a cloud environment, and all management takes place through the web interface, so you do not depend on the OS of your PC. In addition, maintenance of the management server is handled by Check Point specialists; its performance depends directly on the selected parameters and is easily scalable.
  4. Centralized management through the SMP (Security Management Portal). This solution involves deploying, in the cloud or locally, one common web portal that can simultaneously manage up to 10,000 SMB devices.
  5. Management from a mobile device via Watch Tower is available only after deploying one of the full-fledged management options (see items 1-4). Details about this feature can be found in our article.

We note the most important limitations, in our opinion:

  1. The Mobile Access Portal cannot be deployed. Users will be able to use Remote Access to reach the company's internal resources, but will not be able to connect to an SSL portal with your published applications.
  2. The following blades or options are not supported: Content Awareness, DLP, Updatable Objects, SSL inspection without categorization, Threat Extraction, MTA with Threat Emulation check, Antivirus for scanning archives, ClusterXL in Load Sharing mode.

To conclude, I would like to note that NGFW solutions for SMB have moved to a new level of support and interaction: with the release of version 80.20 Embedded, a balance has been reached between the options of the full version of Gaia and the hardware capabilities of equipment for small offices. We plan to continue publishing a series of training articles, in which we will cover the basic configuration of SMB solutions, performance tuning and their new options.

A large collection of Check Point materials from TS Solution. Follow the updates (Telegram, Facebook, VK, TS Solution Blog, Yandex.Zen).