Check Point Falcon Acceleration Cards - Speeding Up Traffic Processing



    Not long ago, we published an article about Check Point Maestro, a new scalable platform that lets you increase the “power” of Check Point gateways almost linearly. However, this is not the only technology for increasing performance. Back in 2018, new traffic acceleration cards with a dedicated network processor, the Falcon Acceleration Cards, were announced. The purpose of these devices is simple: to take over part of the traffic processing load. In this article we will consider:

    • Available card options;
    • Which gateway models they can be installed in;
    • Appearance and installation;
    • What kind of load they can take on;
    • How much they “speed up” SSL inspection.

    If you are interested in this topic, read on.

    As already mentioned, the cards themselves were announced back in 2018. However, they went on sale only recently. This is primarily because they only work on gateways running Gaia OS version R80.20 or later (R80.30 is now available). Let's look at the available models.

    Available Card Options


    Currently there are not many options. There are two items:

    1. Falcon 10G Acceleration Card (part number - CPAC-FALCON-10G-B). Card with 4 optical ports of 10 GbE each. Supported transceivers: CPAC-TR-10SR-B (also supports 1 GbE), CPAC-TR-10LR-B (also supports 1 GbE), CPAC-TR-1T-B.
    2. Falcon 40G Acceleration Card (part number - CPAC-FALCON-40G-B). Card with 2 optical ports of 40 GbE each. Supported transceivers: CPAC-TR-40SR-QSFP-300m (supports breakout mode), CPAC-TR-40LR-QSFP-10K, CPAC-TR-40SR-QSFP-BiDi.

    Supported Gateway Models


    Unfortunately, the cards cannot be installed in every device. List of supported Check Point gateway models:

    • 5900 (up to 2 cards)
    • 6800 (up to 2 cards)
    • 15400 (up to 3 cards)
    • 15600 (up to 3 cards)
    • 23500 (up to 5 cards)
    • 23800 (up to 5 cards)

    Initially, when information about these cards first appeared, there was a rumor that they could be installed in models starting from the 5600. However, the existing cards are not yet supported there. Perhaps other card models that are supported by the lower-end gateway family will be added in the future.

    Appearance and installation


    This is what the Falcon 10G Acceleration Card looks like:



    The Falcon 40G Acceleration Card:



    The cards themselves are inserted into dedicated slots in the gateways. In fact, the number of free slots is what limits the number of supported acceleration cards. Example for the 23500 gateway:



    What kind of load can acceleration cards take upon themselves?


    Both acceleration cards can be used for the following tasks:

    1. For HTTPS inspection. In this case, the throughput of the gateway is significantly increased;
    2. For Threat Prevention. Deep Inspection, SandBlast, NGFW: all of this load can be transferred from the gateway to the card;
    3. For Firewall. Normal traffic processing. Increases throughput, reduces response time, increases the number of supported sessions;
    4. For VSX or QoS.

    In my opinion, the point about HTTPS inspection and the ability to transfer load for “deep inspection” of files are of primary interest.

    How much do these cards “speed up” SSL inspection?


    Below is a table of tests for different models with different numbers of acceleration cards. Percentages in this case reflect how much the device’s throughput increases when SSL inspection is enabled:



    You can rely on these numbers when sizing a model that suits you.

    Conclusion


    According to our information, unfortunately, these cards cannot be imported into Russia so far. The notification process is ongoing. However, we can already say that this is a good addition to the portfolio of hardware devices. More technical information can be found here, or contact us directly. Read more about Check Point on our blog.
