Introduction

In the latest release of FireWall-1 NG, Feature Pack 3 (NG-FP3), Check Point Software has introduced many new features. This chapter discusses some fundamental changes in software s methods of operation from 4. x to NG. Chapter 2 discusses the new SMART Clients introduced in FP3. Some of the key changes in NG include a much faster kernel, a revamp of static Network Address Translation (NAT), and the introduction of automatic Address Resolution Protocol (ARP), to name just a few. We will highlight the new features of the NG product and how these changes affect your FireWall-1 environment. For readers who are new to FireWall-1, this section outlines the ways that some of these key features function and what they can provide for your deployment.

NG is not an upgrade from 4. x. Check Point has spent a number of years redesigning the FireWall-1 product; NG represents that redesign. Some of the functions that were available in the 4. x version have been removed, replaced, or simply restructured from the ground up. NG contains new features that existing administrators will need to review before implementing.

The first area in which the NG product has significantly improved is in its throughput. NG increases the throughput on all platforms. (Visit www.checkpoint.com/products/choice/platforms/platforms_matrix.html for the specifics on platform and performance numbers.) For example, the Windows platform with Dual Xeon processors, 1GB RAM, and two 64-bit PCI Gigabit Ethernet cards will provide approximately 625Mbps throughput, with a platform price of around $5,000.