Perfect Foundation for 2013 Security Blueprint

  • Screenshot from R75.46 Check Install verification (without real installation)
  • Add interactive discussion slides

    1. Perfect Foundation for 2013 Security Blueprint. Erez Berkner, Infrastructures Group Manager. ©2013 Check Point Software Technologies Ltd.
    2. Agenda: (1) The Challenge; (2) Why Gaia?; (3) How to Easily Migrate to Gaia; (4) R76 Sneak Peek
    3. Your Challenge
        • Maintaining and certifying multiple operating systems
        • Managing multiple administrators
        • Getting maximum performance from existing hardware
        • Enabling new Software Blades on your existing install base
    4. Agenda: (1) The Challenge; (2) Why Gaia?; (3) How to Easily Migrate to Gaia; (4) R76 Sneak Peek
    5. Operational Cost Reduction
        • Automatic Software Updates
        • Improved Backup/Restore
        • EmergenDisk
        • Easy and fast system cloning
    6. Gaia is Better than SecurePlatform
        • More Secure
            – Role-Based Administration
        • Better Performance
            – 64-bit
        • Easier to use
            – Web UI provides all the features of the CLI
        • Dozens of features not available in SecurePlatform
            – SNMPv3
            – VRRP
            – Policy based routing
            – Enhanced Dynamic Routing engine
            – IPv6
    7. Gaia is Better than IPSO
        • More Secure
            – Supports the entire software blades portfolio
        • Better Performance
            – 64-bit
        • Easier to use
            – Clone your box via “show configuration”
        • Native Virtual Systems support (VSX)
        • Supports legacy hardware and 2012 models
    8. 64-bit Architecture
        • Utilize your existing hardware to the max
        • Gaia today supports up to 32 GB of RAM
        • Ready for larger memory sizes (up to 16,777,216 TB!)
        • Easy to move to 64-bit:
            – All Gaia deployments can support 64-bit
            – No need to reinstall
            – Easy revert to 32-bit
    9. Changing the OS Edition
    10. Connection Capacity with 64-bit

        | RAM   | SecurePlatform/IPSO 32-bit | 64-bit |
        |-------|----------------------------|--------|
        | 6 GB  | 1.2M                       | 2.4M   |
        | 8 GB  | 1.2M                       | 3.3M   |
        | 12 GB | 1.2M                       | 5.0M   |
        | 24 GB | 1.2M                       | 10.0M  |
        | 32 GB | 1.2M                       | 13.0M  |
    11. Creating Roles
    12. Role Based Administration
        • Create separate roles
        • Employ the least privilege principle
        • No need to give full “admin” privilege anymore
        • Similar to IPSO
    13. Setting the Upgrade Policy
    14. Software Updates (Putting system updates on auto-pilot)
        • Enables automatic download of updates
        • Get only the appropriate updates that fit you
            – Identify HF collisions!
        • 5 times faster
        • Manage scheduled installation and download
        • Post update self-test
            – Revert on failure
        • Available starting R75.40
            – Default is notifications only
    15. Package Is Available for Download
    16. Gaia Software Updates
    17. Show Config: Demo for Show Configuration
    18. Show Configuration
        • Show configuration functionality, similar to that available on network equipment, produces a script for rebuilding the entire OS in seconds.
        • Use Save/Load configuration to clone a Gaia device
    19. Gaia Has It All!

        | Feature                    | SecurePlatform | IPSO | Gaia |
        |----------------------------|----------------|------|------|
        | 64-bit                     | No             | No   | Yes! |
        | 2012 appliances            | Yes            | No   | Yes! |
        | VRRP                       | No             | Yes  | Yes! |
        | ClusterXL                  | Yes            | No   | Yes! |
        | Automatic software updates | No             | No   | Yes! |
        | Show configuration         | No             | No   | Yes! |
        | Enhanced dynamic routing   | No             | Yes  | Yes! |
        | Automatic license download | No             | No   | Yes! |
        | Policy based routing       | No             | Yes  | Yes! |
        | TACACS+                    | No             | Yes  | Yes! |
        | Modern Web UI              | No             | No   | Yes! |
        | Full blade support         | Yes            | No   | Yes! |
    20. Agenda: (1) The Challenge; (2) Why Gaia?; (3) How to Easily Migrate to Gaia; (4) R76 Sneak Peek
    21. Migration Is Easy!
        • Migrating to Gaia from SecurePlatform or IPSO is a piece of cake
        • 2 options
            – Direct in-place upgrade
            – Use export/import of configuration
            – Reduces the complexity of migration
            – Can try it on VMware!
    22. Migration from IPSO /config/active
        • Copy the file /config/active from the IP appliance to the 2012 appliance
        • Run ipso-migrator (on any Gaia machine!)
            – On target machine: Apply changes
            – On other Gaia machine: Create a configuration file and load it on the target machine via “load configuration myConfig”
        • Reboot
        • Done! IPSO configuration is converted to Gaia
    23. Running the IPSO Migrator
    24. Migration from SPLAT (sk68140)
        • Diagram labels: SecurePlatform; SecurePlatform Archive File; Gaia Config File; Gaia Converter
        • 1. Export all SecurePlatform config files into one archive file (“copyfiles” script)
        • 2. Run the Gaia converter (“converter -o <myConfigFile>”) to create a single database.
    25. Agenda: (1) The Challenge; (2) Why Gaia?; (3) How to Easily Migrate to Gaia; (4) R76 Sneak Peek
    26. R76 is here. And now we do things…
    27. IPv6 Features in Gaia R76
        • OSPFv3 and BGPv4
        • VRRPv3
        • Ability to access Web UI via IPv6 address
        • First Time Wizard supports IPv6 addresses
        • IP smart field, allowing typing any IP address (IPv4 or IPv6) anywhere in Web UI
    28. IPv6 in First Time Wizard
    29. IP Smart Fields
    30. There’s More in R76!
        • “show configuration” now includes dynamic routing and VRRP configuration
        • NetFlow v5 and v9
        • Improved password expiration controls, as in IPSO
        • User mode core dumps enabled by default, with quota mechanism
    31. Core Dumps
    32. EmergenDisk
    33. EmergenDisk
        • Built-in generator for bootable USB key
        • Create on any Gaia machine
        • Includes a complete Gaia OS running directly from the USB device
        • Ability to reset administrator password
        • Ability to wipe the appliance’s hard drive
        • Many more tools to come
    34. Proxy ARP
    35. Proxy ARP
        • Control Proxy ARP from Web UI
        • Control Proxy ARP from Clish
        • Supports ClusterXL and VRRP clusters
    36. NetFlow
    37. (no text)
    38. NetFlow
    39. Performance Optimizations
    40. Multi-Queue Benefits?
        • More Control
        • Extra Lane
    41. Control Multi-Queue and CoreXL
        • Easy CoreXL control from Web UI and Clish
        • Optimize for Software Blades, Session rate or throughput
    42. Control Multi-Queue and CoreXL
        • Control the core split (instances/dispatchers)
        • Enable Multi-Queue on select interfaces
    43. Summing It Up: Your upgrade does not have to look like that:
    44. It can look like this: Thank You!
