Check Point released a new appliance, the SG80 or Series 80 appliance.
It is aimed for branch offices and it is positioned between UTM-1 appliances and UTM-1 Edge appliances.
Performance-wise it is very close to the bigger UTM-1 appliances, if we can trust die datasheets.
The specs are:
- Firewall Throughput 1500 Mbps
- VPN Throughput 220 Mbps
- IPS Throughput 720 Mbps
- AV Throughput 100 Mbps
Since I measured only 20 Mbps AV scanning throughput with R71 on a UTM-1 270 appliance, I don’t trust this figures for real rule bases and real live traffic. But anyway, at least good enough for comparison to other Check Point appliances.
The management of this gateway has to be done over a Security Management server of Provider-1, it is not self-managed unlike UTM-1 appliances.
The desktop form factor is quite nice, I’m just wondering about the cooling. The UTM-1 130 appliances use passive cooling, too, and can get pretty hot sometimes.
What’s nice for smaller offices are the build-in 8 LAN ports with GigabitEthernet, so under some circumstances you can eliminate an additional switch in the office. The SG80 has one additional Gigabit WAN port and a Gigabit DMZ port.
As for now I have no info about the hardware in this appliance, nor the operating system. But I think that it is SPLAT based, deriving from the feature set.
The SG80 is comparably low cost for the performance, as it starts at $2500,–
At the moment this appliance can only be configured over the R70.40 version management / SmartConsole.
The wizard is a little bit different than for normal gateways, but very straight forward.
They changed the SIC handling here. At creation of the object in SmartDashboard you enter a secret and you can install the policy for this device.
But SIC is not established right away, but status of this object is ‘waiting’.
The administrator in the remote office can install the appliance later and connect to the Security Management with this secret, establishing SIC completely.
It’s a mixture of handling normal gateways and Edge appliances and very nice.
Also the most needed configuration option can be chosen when creating the SG80 object using the wizard.
All in all it’s a very nice approach with this new appliance and I can’t wait to get my hand on one of this boxes to test it.
If you had the possibility to test one, please send your findings to blog@lachmann.org
Tobias Lachmann
UPDATE: The SG80 runs Secure Platform Embedded as operating system. Sounds like a striped down version of SPLAT to me.
Post a Comment