שיחת ייעוץ חינם: 1-800-800-570

Checkpoint VSX-1 3070
Virtualized Security Gateways

Check Point VSX-1 Appliance—Model 3070

Check Point Product
Check Point VSX-1 Appliance Model 3070 for 5 VSs
VSX-1 Appliance Model 3070 for 5 VSs
#CPPWR-VSX-APP-M3070-5
המחיר שלנו: הצעת מחיר

מחירים נוספים מופיעים למטה, או לחצו כאן!

שימו לב: כל המחירים באתר כוללים מע"מ. החיוב יבוצע על פי שער "העברות והמחאות מכירה" של המטבע (דולר אמריקאי) ביום אישור ההזמנה.

Checkpoint VSX-1 Overview:

The VSX security operations platform is a virtualized security gateway that enables the creation of hundreds of security systems on a single hardware platform, delivering deep cost savings and infrastructure consolidation. Based on the proven security of VPN-1® Power, VSX provides best in class firewall, VPN, URL filtering and intrusion prevention technology to multiple networks, securely connecting them to each other and shared resources such as the Internet and DMZs. All security systems, virtual and real, are centrally managed through Check Point SmartCenter or Multi-Domain Security Management consoles. Powerful turnkey VSX-1 appliances further reduce deployment cost while delivering carrier-class reliability and scalability.

VSX enables any organization to optimize space and costs by operating a virtual network of hundreds of routers, switches, and VPN-1 gateways. For MSPs, VSX becomes the ideal platform for new subscription revenue opportunities by delivering new security services easily and efficiently. These include value-add virtualized content filtering, VPN, network segmentation and firewall services, instantly provisioned using VSX's Virtual Systems Wizard at the lowest possible cost.

Base Configuration

  • 10 ports of 10/100/1000Base-T
  • Console port
  • Hard Drive 250GB
  • Virtualized Firewall, VPN and SmartDefense IPS
  • Starting with 5 virtual systems, upgradeable to up to 10 virtual systems

Benefits

  • Unique and comprehensive virtualized security solution with firewall, VPN, IPS, and URL filtering
  • Consolidate hundreds of security gateways to a single device, increasing device hardware utilization and reducing power, space, and cooling
  • Linear scaling of performance up to 50 Gbps on the highest VSX-1 model
  • Flexible deployment options including software and a full line of turnkey appliances
  • Single proven security management architecture

Features:

Scalable Virtual Environment

VSX delivers scalability while dramatically reducing hardware investment, space requirements, and maintenance costs

With VSX, deployed as VSX Software or VSX-1 turnkey appliances, administrators can create virtualized implementations of conventional physical topologies and designs such as central and remote DMZs. The VSX platform can create and manage up to 250 fully independent security systems on a single or clustered hardware platform. This delivers scalability while dramatically reducing hardware investment, space requirements, and maintenance costs.

Flexible Virtual Connectivity

Virtual routers and switches can be used to forward traffic between networks located behind virtual systems, much in the same manner as their physical counterparts

Virtual routers and switches can be used to forward traffic between networks located behind virtual systems, much in the same manner as their physical counterparts. VSX supports a wide range of routing scenarios, enabling flexible network connectivity.

  • Virtual System in Bridge Mode
    VSX has the ability to host virtual systems running in either router or bridge mode. The ability to deploy virtual systems in bridge mode allows administrators to implement native layer-2 bridging instead of IP routing, and transparently add a virtual system to the network without reconfiguring network settings and topologies.
  • Route propagation
    When a virtual system is connected to a virtual router or to a virtual switch, an administrator can choose to propagate its routing information to adjacent virtual devices. This feature enables network nodes located behind neighboring virtual systems to communicate without the need for manual configuration.
  • Overlapping IP address space
    VSX facilitates connectivity when multiple network segments share the same IP address range. This scenario occurs when a single VSX gateway protects several independent networks that assign IP addresses to endpoints from the same pool of IP addresses. Thus, more than one endpoint in a VSX environment may share the same IP address, provided that each is located behind different virtual systems. Overlapping IP address space in VSX environments is possible because each virtual system maintains its own unique state and routing tables. These tables can contain identical entries, but within different, segregated contexts.
  • Source-based routing
    Source-based routing allows an administrator to define routing definitions that take precedence over ordinary, destination-based, routing decisions. This allows the administrator to route packets according to their source IP address or a combination of their source IP address and destination IP address. Source-based routing is useful in deployments where a single physical interface without VLAN tagging connects several protected customer networks. Each virtual system is connected to an internal virtual router. The virtual router routes traffic to the appropriate virtual system based on the source IP address, as defined in source-based routing tables.
  • Dynamic Routing
    Virtual devices can communicate and distribute routes amongst themselves using dynamic routing. VSX provides full layer-3 dynamic routing for virtual systems and virtual routers. The following unicast and multicast dynamic routing protocols are supported: OSPF, RIP-v1/2, BGP-v4, IGMP, PIM-SM, PIM-DM.

High Performance Security

VSX can be deployed on multiple carrier-class platforms using Check Point's high performance technology, ensuring secure, resilient, multi-gigabit throughput

High bandwidth networks require high-performance gateways in order to support thousands of users and applications. VSX employs Check Point-patented SecureXL™ security acceleration, enabling maximum performance from open servers and appliances. To provide security at wire speed, VSX can be deployed on multiple carrier-class platforms using Check Point's high performance technology, ensuring secure, resilient, multi-gigabit throughput. And to maximize performance, capacity and system scalability, VSX provides the following features and Technologies:

  • Virtual System Load Sharing (VSLS) provides the ability to distribute virtual systems across cluster members, effectively distributing traffic load within a cluster.
  • VSX Resource Control allows administrators to manage the processing load by guaranteeing that each virtual system will receive its minimum CPU allocation. Resources not needed by one virtual system are automatically made available to other virtual systems. Administrators can also limit the CPU time available to a lower-priority virtual system and assign more capacity to mission-critical virtual systems.
  • VSX QoS Enforcement provides the ability to control network quality of service in the VSX network environment by supporting the Differentiated Services (DiffServ) protocol and assigning different transmission characteristics to different classes of service. This helps prioritize the order in which traffic will be processed when resources are under heavy load.
  • ClusterXL provides high availability and load sharing to keep businesses running. It distributes traffic between clusters of redundant gateways so that the computing capacity of multiple machines may be combined to increase total throughput. If an individual gateway becomes unreachable, all connections are redirected to a designated backup without interruption.
  • Link Aggregation, also known as Interface Bonding, is a powerful feature that provides support for bonding interfaces either in a high availability or load sharing mode. This networking technology binds multiple physical interfaces together in parallel to increase throughput beyond the limits of a single interface, and/or to provide redundancy.

Comprehensive Security Services

VSX provides comprehensive protection to multiple networks or VLANs within complex infrastructures, securely connecting them to shared resources like the Internet and DMZs

Based on FireWall-1® and SmartDefense™ intrusion prevention technologies, VSX provides comprehensive protection to multiple networks or VLANs within complex infrastructures, securely connecting them to shared resources like the Internet and DMZs. VSX gateways are based on Check Point-patented Stateful Inspection, the de facto standard for Internet security. VSX examines more than 150 predefined applications, services, and protocols out-of-the-box, ensuring that the vast majority of applications used by businesses are free of threats when entering the network. Examples include:

  • URL Filtering - protects users or restrict access from an array of continually updated pre-profiled content
  • Voice over IP-with many companies rushing to adopt VoIP applications to lower telecommunications costs, VSX offers comprehensive VoIP protocol support to secure critical business communications. VoIP protocols supported include H.323, SIP, MGCP and Skinny (SCCP).
  • Instant messaging and P2P applications—these are common attack vectors for worms, viruses, and spyware. VSX provides security for these applications by inspecting their content or preventing them from entering the corporate network

VSX is supported by SmartDefense Services, which maintain the most current preemptive security for the Check Point security infrastructure. VSX also provides flexibility in secure remote access, supporting the most complete range of client access options (IPSec, SSL VPN, mobile access).

Proven, mature security management architecture

VSX is managed with Check Point's SmartCenter™ and Multi-Domain Security Management solutions, which provide powerful tools for centrally configuring, managing, and monitoring multiple VSX security operations platforms, virtual systems, and physical VPN-1 gateways

VSX is managed with Check Point's SmartCenter™ and Multi-Domain Security Management solutions. Both provide powerful tools for centrally configuring, managing, and monitoring multiple VSX security operations platforms, virtual systems, and physical VPN-1 gateways. VSX-1 appliances feature hardware health monitoring capabilities over SNMP.

Based on Check Point's Security Management Architecture (SMART), these solutions deliver the flexibility of choosing the appropriate management solution based on your network requirements. Check Point's One-Click VPN technology also enables virtual systems to be added seamlessly to a VPN community. The new virtual system automatically inherits the appropriate properties and can immediately establish secure sessions with all other VPN community members within the enterprise network. Additional tools such as virtual system creation wizards and templates assist in enforcing server image standardization and further streamline the process of deploying and configuring VSX.

Used in conjunction with Multi-Domain Security Management, an enterprise can use VSX to segment different business groups or customers, and classify the network either by function or by network segment. Therefore, administrators can maintain separate policies for different network segments and can delegate or divide large rule-bases into several smaller rule-bases for ease of management and better control of network security.

Service Provider Enablement

VSX delivers security service provisioning at the click of a button, enabling service providers to monetize virtual security service offerings at the lowest possible cost

VSX delivers security service provisioning at the click of a button, enabling service providers to monetize virtual security service offerings at the lowest possible cost. Capabilities now include new URL filtering capability which protects users or restrict access from an array of profiled content. This adds to the best-in-class security services already available.

Specifications:

Check Point VSX-1 Appliance—Model 3070

  1. LCD Display
  2. LCD Control Buttons
  3. USB Ports
  4. Console Port
  5. Six 1GbE Ports
  6. Four 1GbE Ports
Appliance Hardware Specifications
  VSX-1 3070 Single Unit VSX-1 9070 Single Unit VSX-1 9090 VSLS VSX-1 11060/11070/11080 Single Unit VSX-1 11260/11270/11280 VSLS
VSX version R67 R67 R67

R67

R67

Virtual Systems
Included 5 10 10

10

10

Capacity 10 150 150

 250

 250

Performance
FireWall Throughput (Gbps) 4.5 14 28

15 / 20 / 25

30 / 40 / 50

VPN Throughput (Gbps) 1 3.6

7.2

3.7 / 4.0 / 4.5

7.4 / 8.0 / 9.0

Concurrent Sessions 1 Million 1.1 Million 1.6 Million

1.2 Million

1.6 Million

Interfaces
Built-in Interfaces 10 Copper GbE 14 Copper GbE 28 Copper GbE

14 Copper GbE 

28 Copper GbE 

Optional interfaces N/A LOM
2x4 1 GbE Fiber
2x4 1GbE Copper
2x2 10 GbE
LOM
2x2x4 1 GbE Fiber
2x2x4 1GbE Copper
2x2x2 10 GbE

 LOM
2x4 1 GbE Fiber
2x4 1GbE Copper
2x2 10 GbE

 LOM
2x2x4 1 GbE Fiber
2x2x4 1GbE Copper
2x2x2 10 GbE

Enclosure
Enclosure 1U 2U 4U

 2U

 4U

Storage 160GB 2 x 160GB 4 x 160GB

 2 x 250GB

4 x 250GB 

Dimensions
(standard)
17.4 x 15 x 1.73 in. 17 x 20 x 3.46 in. 17 x 20 x 7 in.

17 x 20 x 3.46 in. 

 17 x 20 x 7 in.

Dimensions
(metric)
443 x 381 x 44mm 431 x 509.5 x 88mm 431 x 509.5 x 176mm

 431 x 580 x 88mm

 431 x 509.5 x 176mm

Weight 6.5kg (14.3 lbs) 16.5 kg (36.3 lbs) 33 kg (72.6 lbs)

 23.4kg (51.6 lbs)

 46.8 kg     (103.2 lbs)

Power
Dual, hot-swappable power supplies No Yes Yes

Yes 

Yes 

Power Input 100 ~ 240V; 50 ~ 60Hz
Power Supply Spec (Max) 250W 400W 800W

500W 

 1000W

Power Consumption (Max) 78W 201W 400W

 253W

 506W

Operating environment range Temperature: 5° to 40° C, Humidity: 10%-85% non-condensing, Altitude: 2,500m
Compliance UL 60950; FCC Part 15, Subpart B, Class A; EN 55024; EN 55022; VCCI V-3AS/NZS 3548:1995; CNS 13438 Class A (test passed; country approval pending); KN22KN61000-4 Series, TTA; IC-950; ROHS

UL60950-1, First Edition: 2003, CAN/CSAC22.2, No 60950:2000, IEC60950-1: 2001, EN60950-1:2001+A11 with Japanese National Deviations;
FCC Part 15, Subpart B, Class A, EN50024,EN55022A:1998, CISPR 22 Class A, 1985, EN61000-3-2, EN61000-3-3; EN55024: 1998

Software
System Requirements
Platforms SecurePlatform™ compatible Open Servers, Crossbeam X Series, IBM BladeCenter (firewall module only), Nokia IPSO
Processor, Disk space, Memory, Network interfaces Intel Pentium II 1GHz-plus or equivalent processor, 4 GB, 256 MB, Three interfaces minimum (four for a VPN-1 Power VSX cluster)
SmartDashboard platforms, Disk space Memory Windows 2000/2003/XP/ME/98, 100 MB, 256 MB
Multi-Domain Security Management platforms, Disk space, Memory SecurePlatform™, Linux, Solaris 800 MB; 50MB for each CMA 256 MB
Remote access client platforms, Disk space, Memory Windows 2000/XP/2003, Macintosh, Linux, 20 MB, 64 MB
Technical Specifications
Firewall
Protocol/Application support Secures more than 200 applications and protocols
VoIP Protection SIP, H.323, MGCP, and SIP with NAT support
Instant Messaging Control MSN, Yahoo, ICQ, and Skype (including over HTTP and SSL)
Peer-to-peer Blocking Kazaa, GNUTella, BitTorrent, eMule, IRC (including over HTTP)
Network Address Translation Static/hide NAT support with manual or automatic rules
URL Filtering
Secure Internet Access Activated per virtual system
Site Categories Dozens of pre-configured categories with exception overrides.
Monitoring Optional activation of use monitoring
White/Black Lists Control access to specific user-defined sites.
VPN
Encryption Support AES 128-256 bit, 3DES 56-168 bit
Authentication Methods Password, RADIUS, TACACS, X.509, SecurID
Certificate Authority Integrated X.509 certificate authority
VPN communities Automatically sets up site-to-site connections as objects
Topology Support Star and mesh
VPN Routing Link selection for gateways with dynamically allocated IP addresses, generic route encapsulation (GRE) support, wire mode VPN
VPN Client Check Point Endpoint Security, Check Point Endpoint Connect, VPN-1 SecureClient, VPN-1 SecuRemote
SSL-based remote access Fully integrated SSL VPN gateway provides on-demand SSL-based access
SSL-based endpoint scanning Scans endpoint for compliance/malware prior to admission to the network
Site-to-site VPN Explicit multiple entry point (MEP) configuration support
VPN tunnel management VPN links can be configured to be "always" on
Intrusion Prevention
Network-layer protection Blocks attacks such as DoS, Port Scanning, IP/ICMP/TCP related
Application-layer protection Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands and more
Detection Methods Signature-based and protocol anomaly
Networking
Virtualization Complete virtualization of all networking components such as virtual routers & switches
VLAN interfaces 4096 per cluster
Dynamic Routing Support OSPF, BGP, RIP v1/2, Multicast in multiple virtual system mode
DHCP Support SecurePlatform™ DHCP Relay
Layer-2 bridge support Transparently integrates into existing network
Performance and Availability
Failover recovery Active/standby bridge mode for instantaneous failover
Load balancing VSLS (virtual system load balancing) to distribute VS load across cluster members
Quality of Service Support for Differentiated Services for outbound and inbound traffic
ISP Redundancy Automatically reroutes traffic to second interface
Traffic Acceleration SecureXL accelerates security decisions
Performance and Availability
Policy segregation Virtual and logical grouping of customers, global and customer specific security and VPN policies*
Centralized management Logging, monitoring, event correlation, reporting, security updates, VPN and large-scale policy management and management high availability
Role-based administration Global and granular administrative access and permissions, multiple simultaneous administrator access*
Log management Automatic log maintenance and consolidation
*Available with Multi-Domain Security Management

Documentation:

Download the Check Point VSX-1 3070 Appliances Datasheet (PDF).

הערות תמחור:

Check Point VSX-1 Appliance Model 3070 for 5 VSs
VSX-1 Appliance Model 3070 for 5 VSs
#CPPWR-VSX-APP-M3070-5
המחיר שלנו: הצעת מחיר
Additional managed sites for VSX-1 Appliance
Add-on for 5 VSs for VSX-1 Appliance Model 3070
#CPPWR-VSX-ADD-5-M3070
המחיר שלנו: הצעת מחיר
Total Security Services for VSX-1 Appliances (includes SmartDefense and URL Filtering), One Year
Total Security Services for VSX-1 for 5 VSs
#CPPWR-SDTS-VSX-APP-5
המחיר שלנו: הצעת מחיר
Total Security Services for VSX-1 for 10 VSs
#CPPWR-SDTS-VSX-APP-10
המחיר שלנו: הצעת מחיר
Total Security Services for VSX-1 for additional 20 VSs
#CPPWR-SDTS-VSX-APP-ADD-20
המחיר שלנו: הצעת מחיר
SmartDefense Services for VSX-1 Appliances, One Year
SmartDefense Services for VSX-1 for 5 VSs
#CPPWR-SMDF-VSX-APP-5
המחיר שלנו: הצעת מחיר
SmartDefense Services for VSX-1 for 10 VSs
#CPPWR-SMDF-VSX-APP-10
המחיר שלנו: הצעת מחיר
SmartDefense Services for VSX-1 for additional 20 VSs
#CPPWR-SMDF-VSX-APP-ADD-20
המחיר שלנו: הצעת מחיר
URL Filtering Services for VSX-1 Appliances, One Year
URL Filtering Services for VSX-1 for 5 VSs
#CPPWR-URLF-VSX-APP-5
המחיר שלנו: הצעת מחיר
URL Filtering Services for VSX-1 for 10 VSs
#CPPWR-URLF-VSX-APP-10
המחיר שלנו: הצעת מחיר
URL Filtering Services for VSX-1 for additional 20 VSs
#CPPWR-URLF-VSX-APP-ADD-20
המחיר שלנו: הצעת מחיר
NIC Modules
10GbE LR Fiber (single mode) (2 ports)
#CPPWR-ACC-2-10LRF
המחיר שלנו: הצעת מחיר
10GbE SR Fiber (multi mode) (2 ports)
#CPPWR-ACC-2-10SRF
המחיר שלנו: הצעת מחיר
1GbE LX Fiber (single mode) (4 ports)
#CPPWR-ACC-4-1LXF
המחיר שלנו: הצעת מחיר
1GbE SX Fiber (multi mode) (4 ports)
#CPPWR-ACC-4-1SXF
המחיר שלנו: הצעת מחיר
1GbE Copper (4 ports)
#CPPWR-ACC-4-1C
המחיר שלנו: הצעת מחיר
Accessories and Spare Parts
Replacement parts Kit including one Hard-Drive, one Power Supply, and one Fan
#CPPWR-ACC-SPARES
המחיר שלנו: הצעת מחיר
Lights-Out-Management card
#CPPWR-ACC-LOM
המחיר שלנו: הצעת מחיר