Call a Specialist Today! 888-785-4407

Check Point Advanced Networking & Clustering (ADNC) Software Blade
Ideal for high-end enterprise and datacenter environments

Check Point Advanced Networking and Clustering Software Blade

The Check Point Advanced Networking and Clustering Software Blade simplifies network security deployment and management within complex and highly utilized networks, while maximizing network performance and security in multi-Gbps environments. This combination is ideal for high-end enterprise and datacenter environments where performance and availability are critical.


Check Point Product
Check Point Security Gateway Blades
Advanced Networking & Clustering (ADNC) Blade
*The purchase of a Security Gateway container is required per user
#CPSB-ADNC
List Price: $1,540.00
Our Price: $1,240.00

Click here to jump to more pricing!

Benefits:

Advanced networking features for maximum performance and availability

  • ISP redundancy for reliability and fault-tolerance
  • QoS prioritization guarantees bandwidth and controls latency
  • Application load balancing manages server workloads during high volume traffic

Advanced technologies provide maximum network security and performance

  • SecureXL accelerates multiple intensive security operations
  • CoreXL multicore acceleration increases deep inspection throughput
  • ClusterXL provides high availability and load sharing for business continuity

Integrated into Check Point Software Blade Architecture™

  • Fully integrated with existing Check Point security policy management products
  • Activate advanced networking and clustering on any Check Point security gateway
  • Saves time and reduces costs by leveraging existing security infrastructure  

Features:


Advanced Routing

Organizations looking to implement scalable, fault-tolerant, secure networks can use the Advanced Networking Software Blade to run industry-standard dynamic routing protocols including BGP, OSPF, RIPv1 and RIPv2 on security gateways. OSPF, RIPv1 and RIPv2 enable dynamic routing over a single autonomous system—like a single department, company, or service provider—to avoid network failures. BGP provides dynamic routing support across more complex networks involving multiple autonomous systems—such as when a company uses two service providers or divides a network into multiple areas with different administrators responsible for the performance of each.

Multicast Protocol Support

The Advanced Networking Software Blade also integrates multicast protocol support in IP appliances, including IGMP, PIM-DM and PIM-SM.

Quality of Service Prioritization for Both Encrypted and Unencrypted Traffic

Advanced Networking lets you prioritize business-critical traffic such as ERP, database, and Web services traffic over less time-critical traffic. It also allows you to guarantee bandwidth and control latency for streaming applications such as Voice over Internet Protocol (VoIP) and video conferencing. In addition, with highly granular controls, Advanced Networking enables guaranteed or priority access to specific employees—even if they are remotely accessing network resources through a VPN tunnel.

ISP Redundancy

ISP Redundancy assures reliable Internet connectivity by allowing a single or clustered security gateway to connect to the Internet through redundant Internet Service Provider (ISP) links. This feature does not require costly new networking hardware or specialized knowledge to operate. Two modes are available: Load Sharing and Primary/Backup.

Flexible Server Load Balancing

Each connection request is directed to a specific server based on one of five pre-defined load balancing algorithms. The server load algorithm prevents any server from handling a disproportionately high volume of traffic. Each incoming connection request is directed to the server experiencing the lightest load.

Security Acceleration with Patented SecureXL

Patented Check Point security acceleration technology, SecureXL, removes latency associated with intense security processing by creating a special device layer that can make security decisions earlier. In both servers and dedicated appliances, performance is affected negatively by memory, system-bus, and CPU speed as traffic passes through a system. By creating a SecureXL device layer, the Check Point security gateway enables security decisions to be made at a lower application level to remove performance bottlenecks.

After the start of a transaction, if a packet is examined using traditional security methods and is determined to be safe, the SecureXL device layer takes over responsibility for examining any remaining packets—cutting out latency caused by hardware design. SecureXL can be implemented at both a hardware layer using network processors, as is done on some “Secured by Check Point” partner appliances, or at a virtualized software layer on open servers.

Multi-core CPU Support with Patented CoreXL

Multi-core CPU support enables Check Point Security Gateways to share traffic among cores of a single system, providing superior price/performance on a single server. The combination of multi-core CPUs and multi-threaded SecureXL security application technology is the foundation for the next generation of security acceleration—application-layer security.

Gateway Clustering with Patented ClusterXL

ClusterXL provides high availability and load sharing that keeps businesses running without interruption. ClusterXL distributes traffic between clusters of redundant gateways, combining the computing capacity of multiple machines to increase total throughput. In the event of a gateway or network failure, connections are seamlessly redirected to a designated backup, maintaining business continuity. This enables near-linear scalability for large deployments without the cost of separate load-balancing equipment.

Integrated into Check Point Software Blade Architecture

The Advanced Network and Clustering Software Blade is fully integrated into the Software Blade architecture, saving time and reducing costs by allowing customers to quickly expand security protections to meet changing requirements.

Specifications:

The Advanced Networking and Clustering Software Blade, which is available on many Check Point appliances, combines the features and functionality of two earlier Software Blades—Advanced Networking and Acceleration & Clustering, which are still available for other appliances. The following tables describe the supported protocols and capabilities, as well as which Software Blades should be ordered for each type of appliance.

Advanced Networking Specifications


Feature Details
Supported Internet Protocols
  • IPv4 RFC 791
  • ICMP RFC 792
  • ARP RFC 826
  • ICMP router discovery (server) RFC 1256
  • Router discovery v6 (ICMP v6) RFC 24661
  • CIDR RFC 1519
  • Static routes
  • Multicast tunnels1
  • IPv6 core RFCs1
  • VRRPv2 RFC 37681
  • VRRPv3 (IPv6) draft-ietf-vrrp-ipv6-spec-08.txt1
  • Requirements for IPv4 routers RFC 1812
  • Quality of service1
  • RFC 2474 (general diffserv PHB information)
  • RFC 3246 (EF behavior description)
  • RFC 2597 (AF behavior description)
  • Bootp/DHCP relay RFCs 951, 2131
  • Route aggregation and redistribution
  • Unnumbered interfaces
  • Link negotiation IEEE 802.3ad
  • Flow control IEEE 802.3x
  • Private (RFC 1918) and public IP routing
  • VLAN 802.1Q transparent mode
Dynamic Routing Protocols
  • RIP RFC 1058
  • RIP version 2 (with authentication) RFC 1723
  • RIPng (IPv6) RFC 20801
  • OSPFv2 RFC 2328
  • OSPF NSSA RFC 31011
  • OSPFv3 (IPv6) RFC 27401
  • BGP4 RFCs 1771, 1963, 1966, 1997, 2918
  • BGP4++ RFC 2545, 2858 (unicast IPv6)
Multicast Protocols1
  • IGMPv2 RFC 2236
  • IGMPv3 RFC 33761
  • PIM-SM RFC 4601
  • PIM-SSM RFC 46011
  • PIM-DM RFC 3973
  • PIM-DM state refresh draft-ietf-pim-refresh-02.txt1
  • DVMRP (multicast) RFC 10751
Quality of Service (QoS)
Minimum Bandwidth Allocation Weighted Fair Queuing (WFQ) algorithm. Guarantees can be set for a group of connections in aggregate or on a per-connection basis
Weighted Priorities Allocates bandwidth according to relative merit as defined by business requirements
Bandwidth Limits Sets bandwidth restrictions for non-critical network applications
Low Latency Queuing (LLQ)
Reduces delay for latency-sensitive traffic
Server Load Balancing Distributes network traffic among a number of servers. Supports various load-balancing methods (including server load, round trip, round robin, random, and domain) and server availability checks
Integrated Differentiated Services (DiffServ) Enables service providers to offer end-to-end QoS for VPN and unencrypted traffic on IP WANs
ISP Redundancy
Multiple modes Load sharing or primary/backup
1 Available on IP appliances

Acceleration and Clustering Specifications


Feature Details
SecureXL Firewall Product Support (Performance Pack) Access control, encryption, NAT, accounting and logging, connection/session rate, general security checks, IPS features, CIFs resources, TCP sequence verification, dynamic VPN
Connection Templates Connection acceleration
Drop Templates Optimizes resources
High Availability Modes Supported Active/Passive and Active/Active
Active/Active Modes Supported  Multicast and Unicast
Cluster Control Protocol Port UDP 8116
State Synchronization Supports ClusterXL and OPSEC third party High Availability (HA) solutions
Sticky Decision Function Ensures asynchronous connection support
WAN Synchronization Supported on synch networks with less than 100 ms latency
Duration Limited Synchronization Preserves resources from synchronizing connections of short durations
Sync Members Supported Up to 5 members
VLAN Support Yes
ClusterXL Firewall Product Support Authentication/security servers, ACE servers and SecurID, IPS, sequence verifier, UDP encapsulation, SAM, ISP redundancy, third-party VPN peers, IP per user in office mode
Anti-spoofing Support Prevent spoofing of internal networks
ClusterXL API Check Point and third-party ClusterXL status support
Critical Device Configuration Interfaces, synchronization status, firewall policy status, ClusterXL process status and firewall process status
Full ClusterXL Management and Status Included in Check Point management

Appliance Support

The Advanced Networking and Clustering Software Blade is available for most Check Point appliances that were announced in 2011. For other platforms, this functionality is provided via two Software Blades.  The following table details Software Blade compatibility for Check Point appliances.

Appliances Software Blades Supported
  • 12600
  • 12400
  • 12200
  • 4800
  • 4600
  • 4200
  • 2200
  • Advanced Networking
    and Clustering Software Blade
  • 61000
  • 21400
  • Power-1
  • IP Appliances
  • IAS
  • Advanced Networking Software Blade
  • Acceleration and Clustering Software Blade

Pricing Notes:

Check Point Product
Check Point Security Gateway Blades
Advanced Networking & Clustering (ADNC) Blade
*The purchase of a Security Gateway container is required per user
#CPSB-ADNC
List Price: $1,540.00
Our Price: $1,240.00
Check Point Security Gateway Blades for High Availability
Advanced Networking & Clustering (ADNC) Blade for High Availability
*The purchase of a Security Gateway container is required per user
#CPSB-ADNC-HA
List Price: $1,230.00
Our Price: $990.00