The Challenge:
The Solution:
FLOODGATE-1
DATA
SHEET
The Check Point
Architecture
FloodGate-1 leverages Check Point's flexible threetier client/server architecture to form the foundation
of the industry's only truly scalable management
architecture.
The three tiers consist of the Policy
Editor, the Management Server, and Enforcement
Modules.
These components can run on a single
platform or be distributed across multiple workstations/servers
· Check Point Policy Editor: The policy editor is a
Windows-based application used to centrally create
and modify policies.
· Check Point Management Server: The
Management Server stores and distributes policies to
enforcement modules.
It also stores and all logging
and monitoring data.
· Enforcement Module: Enforcement modules apply
policies at network access points.
Each module
includes Stateful Inspectiochine, and the IQ Engine.
A Single Enterprise Policy
The existence of the management server (the middle
tier) allows a single enterprise policy to be defined
and automatically distributed across multiple
enforcement points.
Enterprise policy changes can
be made without reconfiguring each device.
Two tier
solutions, on the other hand, require that policies be
stored at each individual enforcement point.
As a
result, any policy change requires that each device
be separately reconfigured.
INSPECT
Virtual Machine
IQ
Engine
FloodGate-1
Managed Traffic
Flow
Check Point
Policy Editor Check Point
Management Server
Enforcement
Modules
Dynamic State
Tables
Application
Presentation
Session
Transport
Network
1
2
3
4
Advanced bandwidth management technology
1.
High-performance traffic inspection
2.
Traffic classified by user, application, etc.
3.
Placed in proper queue based on classification
4.
Scheduled for transmission based on the bandwidth policy
Data Link
Physical True Enterprise Management
A single enterprise policy is stored on the management server and automatically
distributed to each enforcement point.
There is no need to reconfigure each
enforcement point in the event of a policy change.
The Check Point
Architecture
FloodGate-1 leverages Check Point's flexible threetier architecture to enable distribution of a single
bandwidth management policy throughout an
enterprise network.
The three tiers consist of the
Policy Editor, the Management Server, and
Enforcement Modules.
These components can run
on a single platform or be distributed across multiple workstations or servers.
The Check Point Policy Editor is a Windowsbased application used to centrally create and
modify policies.
The Check Point Management Server stores
and distributes policies to enforcement modules.
It
also stores all logging and monitoring data.
Enforcement Modules apply policies at network
access points.
Each module includes Stateful
Inspection, the INSPECT Virtual Machine, and the
IQ Engine.
IQ Engine
FloodGate-1's IQ Engine employs an innovative
hierarchical Weighted Fair Queuing (WFQ)
algorithm to precisely control the allocation of
available bandwidth.
The IQ Engine uses detailed
traffic information from the INSPECT Virtual
Machine to accurately classify traffic and place it in
the proper transmission queue.
Traffic Scheduler
Traffic is then scheduled for transmission based on
the bandwidth management policy.
The IQ Engine
includes a preemptive traffic scheduler so that high
priority traffic is always given precedence over
lower priority data.
This results in exceptional
accuracy when allocating bandwidth based on large
weighted priorities, such as a 50:1 weighting
between two Internet services.
Innovative Technology
FloodGate-1 delivers high-performance, policybased bandwidth management by leveraging
the industry's most advanced traffic inspection and
bandwidth control technologies.
Stateful Inspection
FloodGate-1 incorporates Check Point's patented
Stateful Inspection technology to capture detailed
state information on all network traffic, which is
stored and updated dynamically.
This cumulative
data is used by FloodGate-1's Intelligent Queuing
(IQ) Engine to implement the user-defined management policy.
The INSPECTTM
Virtual Machine enables FloodGate-1
to support more than 100 pre-defined Internet
services and applications, providing unparalleled
flexibility in defining bandwidth management
policies.
Specifications
Operating Systems
Management Server Solaris 2.
6, Solaris 7
& Enforcement Module (32 bit mode)
Windows NT 4.
0
Management Client Windows NT 4.
0
Windows 95, 98
Solaris* 2.
5, Solaris* 2.
7
(32 bit mode)
Platforms Pentium III or higher
Sun SPARC (Solaris)
Disk Space 30 MB
Memory 192 MB
Network Interface ATM
Ethernet
Fast Ethernet
FDDI
Token Ring
* Real Time Monitor Window not supported on Solaris operating systems
Product Features
· Flexible bandwidth control with
weighted priorities, guarantees,
and limits
· Integrated VPN bandwidth management
· Enterprise policy management server
· Real time graphical monitor
Product Benefits
· Reliable performance for businesscritical traffic such as VPN, ERP, and
e-commerce
· Eliminate the need to deploy separate
products for VPN, firewall, and bandwidth policy management
· Centrally modify policies without the
need to reconfigure each enforcement
point
· Easily identify sources of network
congestion
S e c u r e V i r t u a l N e t w o r k A r c h i t e c t u r e
Secure Virtual Network Architecture
All Check Point Software products are built on our Secure Virtual Network (SVN) Architecture to provide secure and
seamless connectivity of users, networks, systems and applications across Internet, intranet and extranet environments.
For more information, please contact your Check Point Software reseller or go to www.
checkpoint.
com
©1999 Check Point Software Technologies Ltd.
All rights reserved.
Check Point, the Check Point logo, FireWall-1, FireWall-1 SecureServer, FloodGate-1, INSPECT, IQ
Engine, Meta IP, Open Security Extension, OPSEC, Provider-1, Reporting Module, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Appliance, VPN-1
Certificate Manager, VPN-1 Gateway, VPN-1 SecuRemote, VPN-1 SecureServer, and ConnectControl are trademarks or registered trademarks of Check Point Software
Technologies Ltd.
or its affiliates.
All other product names mentioned herein are trademarks or registered trademarks of their respective owners.
The products described in
this document are protected by U.
S.
Patent No.
5,606,668 and 5,835,726 and may be protected by other U.
S.
Patents, foreign patents, or pending applications.
P/N 32100100001
Organizations worldwide are increasingly using IP-based technologies to support critical applications on
both Internet and private WAN links.
VPN technologies, in particular, are making it possible to gain competitive advantage by connecting employees, partners, and customers using the Internet.
Although the
benefits of Internet technologies are undeniable, the resulting flood of IP-based traffic can cause severe
congestion on limited WAN and Internet links.
Too often, bandwidth-hungry discretionary traffic overwhelms business-critical traffic on these links.
FloodGate-1--Reliable Performance
for Critical Traffic
Check Point Software Technologies solves the
network congestion problem with FloodGate-1,
a policy-based, enterprise bandwidth management solution for private WAN and Internet
links.
It optimizes network performance by
assigning priority to business-critical traffic
based upon relative merit.
For example, ERP, database, or e-commerce
applications running on a corporate VPN can
be prioritized over discretionary web and
email traffic.
By aligning network resources
with business goals, FloodGate-1 makes it
possible to realize the true potential of
IP networks.
Bandwidth Management for VPN, Private WAN and Internet Links
VPN-1
FireWall-1
FloodGate-1
[Moins]