1. NGFW for small businesses. New CheckPoint 1500 Security Gateway Line





More than two years have passed since the publication of the article, and the 1400 series models have now been removed from sale. It is time for changes and innovations, which CheckPoint has tried to deliver in the 1500 series. In this article we look at the models for protecting small offices or company branches, present their technical specifications and delivery features (licensing, management and administration schemes), and touch on new technologies and options.



The lineup



The following are presented as new SMB models: 1530, 1550, 1570, 1570R. You can get acquainted with the products on the CheckPoint portal page. We will logically divide them into three groups: WIFI-enabled office security gateway (1530, 1550), WIFI + 4G/LTE-enabled office security gateway (1570, 1550), and industrial security gateway (1570R).



Series 1530, 1550







The models have 5 network interfaces for the local network and 1 interface for Internet access; their bandwidth is 1 GB. A USB-C console port is also available. As for the technical characteristics, the datasheet for these models lists a large number of measured parameters, but we will focus on the most important ones (in our opinion).

| Specifications | 1530 | 1550 |
|---|---|---|
| Maximum connections per second | 10,500 | 14,000 |
| Maximum concurrent connections | 500,000 | 500,000 |
| Firewall + Threat Prevention throughput (Mbps) | 340 | 450 |
| Firewall + IPS throughput (Mbps) | 600 | 800 |
| Firewall throughput (Mbps) | 1000 | 1000 |



* Threat Prevention refers to the following running blades: Firewall, Application Control, and IPS.



The 1530 and 1550 models offer the following features:



  • Gaia 80.20 Embedded; for a list of options, see the CheckPoint SK.
  • A Mobile Access license for 100 concurrent connections is shipped with the purchase of any device. Keep in mind that this feature of the SMB NGFW model range lets you save on the separate purchase of Mobile Access licenses, which are not included with other CheckPoint model series.
  • The ability to manage the Security Gateway using the Watch Tower mobile application (for more details, see our article).


Who the 1530 and 1550 series are for: this line suits branch offices of up to 100 people, provides remote connection, and supports various methods of administration.



Series 1570, 1590







The older models in the 1500 series lineup have 8 interfaces for local connections, 1 interface for DMZ and 1 interface for Internet connection (the throughput of all ports is 1 GB/s). A USB 3.0 port and a USB-C console port are also available. The models come with support for 4G/LTE modems and for Micro-SD cards to expand the internal storage of the device.



Specifications are presented below:

| Specifications | 1570 | 1590 |
|---|---|---|
| Maximum connections per second | 15,750 | 21,000 |
| Maximum concurrent connections | 500,000 | 500,000 |
| Threat Prevention throughput (Mbps) | 500 | 660 |
| Firewall + IPS throughput (Mbps) | 970 | 1300 |
| Firewall throughput (Mbps) | 2800 | 2800 |



The 1570 and 1590 models offer the following features:



  • Gaia 80.20 Embedded; for a list of options, see the SK.
  • A Mobile Access license for 200 concurrent connections is shipped with the purchase of any device. Keep in mind that this feature of the SMB NGFW model range lets you save on the separate purchase of Mobile Access licenses, which are not included with other CheckPoint model series.
  • The ability to manage the Security Gateway using the Watch Tower mobile application (for more details, see our article).


Who the 1570 and 1590 series are for: this line suits offices of up to 200 people, provides remote connection, and has the highest performance in the SMB family.



For comparison, the performance of previous models:

| Specifications | 1470 | 1490 |
|---|---|---|
| Threat Prevention + Firewall throughput (Mbps) | 500 | 550 |
| Firewall + IPS throughput (Mbps) | 625 | 800 |



1570R



The CheckPoint 1570R NGFW deserves special attention. It is designed specifically for industry and will be of interest to companies working in transportation, resource extraction (oil, gas, etc.) and manufacturing.







The 1570R is designed with the specifics and conditions of its use in mind:



  • network perimeter security and smart device control;
  • support for ICS / SCADA industrial protocols and a GPS connector;
  • fault tolerance when working in extreme conditions (high / low temperature, precipitation, increased vibration).


| NGFW characteristics | 1570 Rugged |
|---|---|
| Maximum connections per second | 13,500 |
| Maximum concurrent connections | 500,000 |
| Threat Prevention throughput (Mbps) | 400 |
| Firewall + IPS throughput (Mbps) | 700 |
| Firewall throughput (Mbps) | 1900 |
| Operating conditions | -40ºC ~ 75ºC (-40ºF ~ +167ºF) |
| Ruggedness certifications | EN / IEC 60529, IEC 60068-2-27 shock, IEC 60068-2-6 vibration |



In addition, the 1570R offers the following features:



  • Gaia 80.20 Embedded; for a list of options, see the SK.
  • A Mobile Access license for 200 concurrent connections is supplied with the device. Keep in mind that this is a feature of the new SMB NGFW lineup, which lets you save on the separate purchase of Mobile Access licenses, which are not included with other CheckPoint model series.
  • The ability to manage the Security Gateway using the Watch Tower mobile application (for more details, see our article).
  • Automatic generation of policies / rules for IoT devices when they are connected to your local network. A rule is generated for each smart device and allows only those protocols that it needs to work correctly.


1500 series management



Having considered the technical characteristics and capabilities of the new devices in the SMB family, it is worth noting that there are different approaches to their management and administration. The following typical schemes exist:



  1. .



    , . : NGFW, . , Gaia: , , .



  2. Management Server. , NGFW, . , Gaia 80.20 Embedded .



  3. Smart-1 Cloud. NGFW CheckPoint. Management Server , Web-, . CheckPoint, .



  4. Centralized management via SMP (Security Management Portal). This solution involves deploying, in the cloud or on-premises, a single shared web portal capable of simultaneously managing up to 10,000 SMB devices.
  5. Management via the Watch Tower mobile application is available only after the full management option is deployed (see points 1-4). Learn more about this feature in our article.


Let's note the most important ones in our opinion:



  1. Inability to deploy the Mobile Access Portal. Users will be able to use Remote Access to reach internal company resources, but will not be able to connect to the SSL portal with your published applications.
  2. : Content Awareness, DLP, Updatable Objects, SSL , Threat Extraction, MTA c Threat Emulation, Antivirus , ClusterXL Load Sharing.


In closing, I would like to note that NGFW solutions for SMB have moved to a new level of support and interaction: with the release of version 80.20 Embedded, a balance has been achieved between the options of the full version of Gaia and the hardware capabilities of equipment for small offices. We plan to continue publishing a series of tutorials in which we will consider the basic setup of SMB solutions, performance tuning and their new options.


