FG1.pdf

The Challenge: The Solution: FLOODGATE-1 DATA SHEET The Check Point Architecture FloodGate-1 leverages Check Point's flexible threetier client/server architecture to form the foundation of the industry's only truly scalable management architecture. The three tiers consist of the Policy Editor, the Management Server, and Enforcement Modules. These components can run on a single platform or be distributed across multiple workstations/servers · Check Point Policy Editor: The policy editor is a Windows-based application used to centrally create and modify policies. · Check Point Management Server: The Management Server stores and distributes policies to enforcement modules. It also stores and all logging and monitoring data. · Enforcement Module: Enforcement modules apply policies at network access points. Each module includes Stateful Inspectiochine, and the IQ Engine. A Single Enterprise Policy The existence of the management server (the middle tier) allows a single enterprise policy to be defined and automatically distributed across multiple enforcement points. Enterprise policy changes can be made without reconfiguring each device. Two tier solutions, on the other hand, require that policies be stored at each individual enforcement point. As a result, any policy change requires that each device be separately reconfigured. INSPECT Virtual Machine IQ Engine FloodGate-1 Managed Traffic Flow Check Point Policy Editor Check Point Management Server Enforcement Modules Dynamic State Tables Application Presentation Session Transport Network 1 2 3 4 Advanced bandwidth management technology 1. High-performance traffic inspection 2. Traffic classified by user, application, etc. 3. Placed in proper queue based on classification 4. Scheduled for transmission based on the bandwidth policy Data Link Physical True Enterprise Management A single enterprise policy is stored on the management server and automatically distributed to each enforcement point. There is no need to reconfigure each enforcement point in the event of a policy change. The Check Point Architecture FloodGate-1 leverages Check Point's flexible threetier architecture to enable distribution of a single bandwidth management policy throughout an enterprise network. The three tiers consist of the Policy Editor, the Management Server, and Enforcement Modules. These components can run on a single platform or be distributed across multiple workstations or servers. The Check Point Policy Editor is a Windowsbased application used to centrally create and modify policies. The Check Point Management Server stores and distributes policies to enforcement modules. It also stores all logging and monitoring data. Enforcement Modules apply policies at network access points. Each module includes Stateful Inspection, the INSPECT Virtual Machine, and the IQ Engine. IQ Engine FloodGate-1's IQ Engine employs an innovative hierarchical Weighted Fair Queuing (WFQ) algorithm to precisely control the allocation of available bandwidth. The IQ Engine uses detailed traffic information from the INSPECT Virtual Machine to accurately classify traffic and place it in the proper transmission queue. Traffic Scheduler Traffic is then scheduled for transmission based on the bandwidth management policy. The IQ Engine includes a preemptive traffic scheduler so that high priority traffic is always given precedence over lower priority data. This results in exceptional accuracy when allocating bandwidth based on large weighted priorities, such as a 50:1 weighting between two Internet services. Innovative Technology FloodGate-1 delivers high-performance, policybased bandwidth management by leveraging the industry's most advanced traffic inspection and bandwidth control technologies. Stateful Inspection FloodGate-1 incorporates Check Point's patented Stateful Inspection technology to capture detailed state information on all network traffic, which is stored and updated dynamically. This cumulative data is used by FloodGate-1's Intelligent Queuing (IQ) Engine to implement the user-defined management policy. The INSPECTTM Virtual Machine enables FloodGate-1 to support more than 100 pre-defined Internet services and applications, providing unparalleled flexibility in defining bandwidth management policies. Specifications Operating Systems Management Server Solaris 2. 6, Solaris 7 & Enforcement Module (32 bit mode) Windows NT 4. 0 Management Client Windows NT 4. 0 Windows 95, 98 Solaris* 2. 5, Solaris* 2. 7 (32 bit mode) Platforms Pentium III or higher Sun SPARC (Solaris) Disk Space 30 MB Memory 192 MB Network Interface ATM Ethernet Fast Ethernet FDDI Token Ring * Real Time Monitor Window not supported on Solaris operating systems Product Features · Flexible bandwidth control with weighted priorities, guarantees, and limits · Integrated VPN bandwidth management · Enterprise policy management server · Real time graphical monitor Product Benefits · Reliable performance for businesscritical traffic such as VPN, ERP, and e-commerce · Eliminate the need to deploy separate products for VPN, firewall, and bandwidth policy management · Centrally modify policies without the need to reconfigure each enforcement point · Easily identify sources of network congestion S e c u r e V i r t u a l N e t w o r k A r c h i t e c t u r e Secure Virtual Network Architecture All Check Point Software products are built on our Secure Virtual Network (SVN) Architecture to provide secure and seamless connectivity of users, networks, systems and applications across Internet, intranet and extranet environments. For more information, please contact your Check Point Software reseller or go to www. checkpoint. com ©1999 Check Point Software Technologies Ltd. All rights reserved. Check Point, the Check Point logo, FireWall-1, FireWall-1 SecureServer, FloodGate-1, INSPECT, IQ Engine, Meta IP, Open Security Extension, OPSEC, Provider-1, Reporting Module, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Appliance, VPN-1 Certificate Manager, VPN-1 Gateway, VPN-1 SecuRemote, VPN-1 SecureServer, and ConnectControl are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U. S. Patent No. 5,606,668 and 5,835,726 and may be protected by other U. S. Patents, foreign patents, or pending applications. P/N 32100100001 Organizations worldwide are increasingly using IP-based technologies to support critical applications on both Internet and private WAN links. VPN technologies, in particular, are making it possible to gain competitive advantage by connecting employees, partners, and customers using the Internet. Although the benefits of Internet technologies are undeniable, the resulting flood of IP-based traffic can cause severe congestion on limited WAN and Internet links. Too often, bandwidth-hungry discretionary traffic overwhelms business-critical traffic on these links. FloodGate-1--Reliable Performance for Critical Traffic Check Point Software Technologies solves the network congestion problem with FloodGate-1, a policy-based, enterprise bandwidth management solution for private WAN and Internet links. It optimizes network performance by assigning priority to business-critical traffic based upon relative merit. For example, ERP, database, or e-commerce applications running on a corporate VPN can be prioritized over discretionary web and email traffic. By aligning network resources with business goals, FloodGate-1 makes it possible to realize the true potential of IP networks. Bandwidth Management for VPN, Private WAN and Internet Links VPN-1 FireWall-1 FloodGate-1