Enabling faster firewalls

by Tim Greene

May 9, 2001 —

Check Point Software is revamping its VPN-1/Firewall-1 software so it can reach ever-higher speeds.

A new architecture is part of the company’s Next Generation software release scheduled for the end of May, and it breaks out the firewall, bulk encryption, public-key setup and network address translation into separate modules. The functions of these modules can then be offloaded to separate security processors, reducing the load on a network processor in firewall/VPN hardware and speeding up throughput.

In tandem with the new software architecture, Check Point also is releasing a new application programming interface so hardware vendors can write Next Generation drivers for their faster processors.

Initially Check Point has six partners to take advantage of these changes: Broadcom, Compaq, Intel, Intrusion.com, Nokia and RapidStream. Others will follow, Check Point says.

The upshot of this is that enterprises interested in buying gigabit-speed connections to the Internet or that want to protect gigabit links to, say, data centers, will be able to do so with a single device without sacrificing speed. Currently, gigabit firewalls are available from only a handful of vendors.

Look for practical implementations of these changes by year-end from RapidStream and later from the other announced partners.

Network World