Check Point NG VPN-1/FireWall-1: Advanced Configuration and Troubleshooting

When it comes to your VPN-1/FireWall-1 platform's performance, more is definitely better. However, until very recently, high performance came at a high price. In order to lower the high cost of high performance, Check Point has developed a software add-on to VPN-1/FireWall-1 NG FP3 that will enable over 3Gbps of throughput on standard server hardware. This Performance Pack runs on Check Point SecurePlatform and Solaris. Support for the Nokia IP series is planned for the upcoming IPSO 3.7/NG FP4 release, in addition to the existing Nokia Flows. For sites that do not desire to use the Nokia IP series, SecurePlatform, or Solaris, there are other options such as Nortel's Alteon Switched Firewall or RapidStream's VPN/Firewall Appliances.
Performance Pack can provide midsize organizations with high-throughput solutions for sites that use FireWall-1 on high-speed links, particularly when high VPN throughput is desired.
Check Point gives the technology behind Performance Pack the name SecureXL. The terms Performance Pack and SecureXL can be used interchangeably, as we do in this chapter.
Performance Pack works by taking advantage of specific design features in the host OS and CPU. In other words, Performance Pack replaces some parts of FireWall-1 with code that is written specifically for, and highly optimized for, the OS and CPU that Performance Pack runs on.
Examples of such enabling technology include separating performance-critical code from the main firewall executable; moving that code into kernel space, where it can run with...