Scribd
Upload
17 views

cloudguard-gateway-performance-for-aws-datasheet

CloudGuard Network Security Gateway for AWS provides advanced threat prevention and automated security management for multi-cloud environments. It offers various performance metrics based on virtual CPU configurations, detailing throughput for different security features. The solution includes capabilities for data loss prevention, dynamic user-based policy enforcement, and comprehensive security features across various platforms.

Uploaded by

Nisha Nair
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
17 views

cloudguard-gateway-performance-for-aws-datasheet

CloudGuard Network Security Gateway for AWS provides advanced threat prevention and automated security management for multi-cloud environments. It offers various performance metrics based on virtual CPU configurations, detailing throughput for different security features. The solution includes capabilities for data loss prevention, dynamic user-based policy enforcement, and comprehensive security features across various platforms.

Uploaded by

Nisha Nair
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

CloudGuard Network Security Gateway Performance for AWS | Datasheet

CloudGuard Network Security


Gateway Performance for AWS
CloudGuard Cloud Network Security, part of the CloudGuard Cloud Native Security platform, provides advanced threat
prevention and automated cloud network security through a virtual security gateway, with unified security management
across all your multi-cloud and on-premises environments.
For public clouds, CloudGuard provides automated and elastic public cloud network security to keep assets and data
protected while staying aligned to the dynamic needs of public cloud environments.
For private clouds, CloudGuard delivers dynamic security within virtual datacenters to prevent the lateral spread of
threats while consolidating visibility & management across physical & virtual networks.

Performance: CloudGuard Network Security (R81.20 JHF 24) – AWS C6in VMs
Notes:
 Next Generation Firewall (NGFW) throughput is measured with FW, IPS, Application Control features enabled
(see table 2 below), using Check Point Enterprise testing conditions.
 Next Generation Threat Prevention (NGTP) throughput is measured with FW, IPS, Application Control, URL
Filter, Anti-Virus, Anti-Bot features enabled (see table below), using Check Point Enterprise testing conditions.
 FW + Site to Site VPN methodology: ideal testing conditions using iPerf tool, UDP only and 1300 bytes p acket
size

It is recommended to run additional testing within your environment to ensure your performance requirements
are met. Your performance may vary depending on underlying cloud vendor infrastructure performance.

2 vCPU: 4 vCPU: 8 vCPU: 16 vCPU:


C6in.Large C6in.XLarge C6in.2XLarge C6in.4XLarge
Concurrent Connections 815,527 1,847,153 3,957,108 8,048,880
CPS 42.7K 67.3K 140K 150K
FW Only 8.3Gbps 11Gbps 14.7Gbps 20Gbps
FW + IPS 3.4Gbps 7.4Gbps 13.8Gbps 19.5Gbps
NGFW (FW + IPS + App Control) 2.5Gbps 5.3Gbps 11.2Gbps 19.5Gbps
NGTP (NGFW + URLf + AV + Anti-Bot) 1Gbps 2Gbps 4.4Gbps 8.9Gbps
HTTPS NGFW (FW + IPS + App Control) 0.6Gbps 1.2Gbps 2.4Gbps 5.4Gbps
HTTPS NGTP (NGFW + URLf + AV + Anti-Bot) 0.5Gbps 1Gbps 2.2Gbps 4.5Gbps
Remote access VPN Concurrent Connections (NGFW) 500* 1000* 1700* 2900*
Remote access VPN Concurrent Connections (NGTP) 400* 750* 1500* 2500*
Accuracy range: +/-3%
* Accuracy rage: +/- 15%

©2023 Check Point Software Technologies Ltd. All rights reserved | P. 1


Content Security Network
First Time Prevention Capabilities High Availability

 OS-level and static file analysis  Active/Active L2, Active/Passive L2 and L3*

 File disarm and reconstruction via Threat Extraction  Session failover for routing change, device
and link failure
 Average emulation time for unknown files that require
*Not applicable for cloud service providers
full sandbox evaluation is under 100 seconds
usage
 Maximal file size for Emulation is 100 MB IPv6
 Emulation OS Support: Windows XP, 7, 8.1, 10  NAT66
Applications  CoreXL, SecureXL
 Use 8,000+ pre-defined or customize your own Unicast and Multicast Routing (see
applications SK98226)
 Accept, prevent, schedule, and apply traffic-shaping  OSPFv2, BGP, RIP
Data Loss Prevention  Static routes, Multicast routes
 Classify 700+ pre-defined data types  Policy-based routing
 End user and data owner incident handling  PIM-SM, PIM-DM, IGMP v2, and v3
Dynamic User-based Policy
 Integrates with Microsoft AD, LDAP, RADIUS, Cisco
pxGrid, Terminal Servers and with 3rd parties via a Web
API
 Enforce consistent policy for local and remote users on
Windows, macOS, Linux, Android and Apple iOS
platforms

All-inclusive Security
NGFW NGTP NGTX
Prevent known and zero-day
Basic access control Prevent known threats
attacks
Firewall   
VPN (IPsec)   
IPS   
Application Control   
Content Awareness   
URL Filtering  
Anti-Bot  
Anti-Virus  
Anti-Spam  
SandBlast Threat Emulation 
SandBlast Threat Extraction 
Each gateway requires a license for the enabled security feature.

CONTACT US EMAIL: [email protected] WEB: WWW.CHECKPOINT.COM

©2023 Check Point Software Technologies Ltd. All rights reserved | P. 2

You might also like