Next Gen helps create faster firewalls

Check Point Software is revamping its VPN and firewall software to improve scanning and encryption speeds as much as 10 times, which should help prevent security from becoming a bottleneck to Internet access.

The security firm's upcoming software release, dubbed Next Generation, slices the company's security software into modules, letting the packages handle individual security tasks more quickly.

The idea is to let users effectively tap the gigabit speeds of Internet connections or links to secured data.

Specifically, the company plans to turn major features, such as its firewall, network scanning and encryption utilities, into separate modules. Customers can then deploy those modules on network appliances that can handle the module's specific functions.

The firm's hardware partners -- Broadcom, RapidStream, Intel, Compaq and Nokia -- announced products that will work with and boost the speed of those applications. For instance, Nokia says one feature of Next Generation that it includes in a new VPN/firewall appliance triples the throughput of the firewall.

RapidStream says the new Check Point software architecture will enable VPN processing at more than 2G bit/sec, rivaling the fastest claims made by rival Asita.

The Check Point effort is also an attempt to catch up with the 1G bit/sec and higher firewall speeds now offered by Cisco and NetScreen, says John Lawler, an analyst with Infonetics.

Another analyst echoes that view. "It looks like Check Point recognizes their shortcoming on performance. With the appetite for bandwidth gaining momentum, they will need to process data at gigabit speeds," says Stanley Kruk, director of network support for Equifax Payment Services in St. Petersburg, Fla.

The improvements in Check Point's performance come from redesigning its stateful inspection technology, which looks at packets before they are permitted to pass through the firewall or are wrapped or unwrapped as they enter and leave a VPN.

"They say they've figured out how to give the security of Check Point without having to make a trade-off in performance," Lawler says.

Check Point Next Generation also includes Secure XL, a faster application programming interface that other vendors can use to integrate Check Point software with their own processors.

NG products will be offered through Check Point's partners.

This story, "Next Gen helps create faster firewalls" was originally published by Network World.
