Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Employee+
Employee+

SMB - New Product announcement - 1500 Series Security Gateways

Hi All

We are happy to announce The release of the new 1500 series security gateways for SMBs.

Our first Models to be announced are the 1550 and 1590 gateways which set new standards of protection against the most advanced fifth-generation cyber attacks.

The 1550 and 1590 gateways are powered by Check Point’s R80 release. R80 is the industry’s most advanced security management software, and includes multi-layered next-generation protection from both known threats and zero-day attacks using the award-winning SandBlast™ Zero-Day Protection, plus antivirus, anti-bot, IPS, app control, URL filtering and identity awareness. 

 

The 1500 Security Gateways offer integrated, multi-layered security in a compact desktop form factor. Setup can be done in minutes using pre-defined security policies and our step-by-step configuration wizard. Check Point 1500 Security Gateways are conveniently manageable both locally via a Web interface and centrally by means of a cloud-based Check Point Security Management Portal (SMP) or R80 Security Management.

The new 1500 series empowers Small and Midsize businesses with Enterprise Grade Security:

  • 100% block score for malware prevention for email and web, exploit resistance and post-infection catch rate, as seen in the NSS Labs’ recent Breach Prevention Systems (BPS) Group Test
  • Up to 2 times more performance from previous generations. The 1550 Gateway offers 450Mbps of threat prevention performance, and the 1590 Gateway offers 660Mbps
  • The 1550 provides maximum firewall throughput of 2Gbps and the 1590 provides maximum firewall throughput of 4Gbps
  • The 1550 features six 1GbE ports and the 1590 features ten 1GbE ports.
  • Check Point WatchTower mobile application, enables IT staff to monitor their networks and quickly mitigate security threats on the go from their mobile device
  • Out-of-the-box zero-touch provisioning allows for under 1-minute setup
  • IoT devices discovery and recognition for accurate security policy definition.

 

Want to know more ?

Visit the 1500 Series Security Gateways SK

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

And the R80.20 for Small and Medium Business Appliances

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

 

For full product specifications, visit:  https://www.checkpoint.com/products/small-business-security/

 

 

Amir Ayalon | SMB Project Management Team Leader
Check Point SW Technologies. | ( +972-733-79-8629| Mobile: +972-545-787673 * amiray@checkpoint.com

49 Replies
Highlighted

Which build are you running?

0 Kudos
Highlighted

This is Check Point's 1470 Appliance R77.20.87 - Build 973

Highlighted

Good to know, but it seems that build is not GA yet.

0 Kudos
Highlighted
Employee
Employee

I've not seen anything about it - will the new units be manageable via API?

0 Kudos
Highlighted
Admin
Admin

Using R80.30+ central management? Yes.
Self managed? No.
0 Kudos
Highlighted

Btw, I started to be a bit confused here. May be there shall be two forum sections under SMB. One for those running R77.20 and one for R80.20 ?

0 Kudos
Highlighted
Sapphire

Then we need much more flavors - locally managed SMB, SMP managed SMB.... Better just mention in the post what you talk about 😊 !

0 Kudos
Highlighted

Hristo,

What version of code are you running on the 14xx?  We have a couple in production with all blades enabled and I have had both of them lock up no access from internal/external, very hard to troubleshoot because I do not currently have OOB connected

0 Kudos
Highlighted

Hi Hristo,

What blades do you have running on the 14xx and do you use identity awareness?

We have a couple 14xx and they have locked up in the field and we have to reboot to bring them back.

0 Kudos
Highlighted

Hello Kevin,

Yes, I am using IA blade. Also IPS one. What firmware are you using ? Also, are there any *core* or *panic* files in /logs directory after reboot ?

0 Kudos
Highlighted

I am running  R77.20.87 - Build 973. Centrally managed. Depending on the traffic, enabling all blades might be overkill. Think if you can disable some of them until you resolve the problem.

0 Kudos
Highlighted

 

root@CP1550:/# lscpu
Architecture: aarch64
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 2
NUMA node(s): 1
Vendor ID: ARM
Model: 1
Model name: Cortex-A72
Stepping: r0p1
BogoMIPS: 50.00
L1d cache: 32K
L1i cache: 48K
L2 cache: 512K
NUMA node0 CPU(s): 0-3
Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
root@CP1550:/#

 

After opening mine (no wifi) I discovered a micro sd card reader (hurray!) and a unpopulated mini pcie slot. I'm assuming this is where a wifi nic would go. I of course tried putting in a pcie to msata board with a msata EVO 860. no joy so far.

0 Kudos
Highlighted

oh and here is the SD card populated.

Mine has a single partition with ext4 on it.

[Expert@CP1550]# mount | grep kali
/dev/mmcblk0p1 on /mnt/kali type ext4 (rw,relatime,data=ordered)
proc on /mnt/kali/kali-chroot/proc type proc (rw,relatime)
sysfs on /mnt/kali/kali-chroot/sys type sysfs (rw,relatime)
devpts on /mnt/kali/kali-chroot/dev/pts type devpts (rw,relatime,gid=4,mode=620,ptmxmode=000)
[Expert@CP1550]#

0 Kudos
Highlighted

Insert that SSD drive and paste last few lines from 'dmesg' output here. 

0 Kudos
Highlighted

Its not that easy. I've been reading a lot on arm. Basically arm doesn't have a PNP pci buss like x86 does. Arm has something called Device Tree which if I understand correctly mean you basically pre-map out all the io and memory locations for each device.

 

That being said.. before and after doesn't show any difference. lspci always shows the same output as well.

 

root@CP1550:/# lspci -v
00:00.0 PCI bridge: Marvell Technology Group Ltd. Device 0110 (prog-if 00 [Normal decode])
Flags: bus master, fast devsel, latency 0, IRQ 50
Memory at f8000000 (64-bit, non-prefetchable) [size=1M]
Bus: primary=00, secondary=01, subordinate=ff, sec-latency=0
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/32 Maskable+ 64bit+
Capabilities: [70] Express Root Port (Slot-), MSI 00
Capabilities: [b0] MSI-X: Enable- Count=1 Masked-
Capabilities: [100] Advanced Error Reporting
Capabilities: [158] #19
Capabilities: [1a8] Transaction Processing Hints
Capabilities: [23c] L1 PM Substates
Kernel driver in use: pcieport
lspci: Unable to load libkmod resources: error -12

root@CP1550:/#

 

The libkmod error is due to missing information in /lib/modules/$(uname -a)/ dir.

here is a lsblk. Bold is Micro SD.

root@CP1550:/# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
mmcblk0 179:0 0 29.7G 0 disk
`-mmcblk0p1 179:1 0 29.7G 0 part
mmcblk1 179:32 0 3.7G 0 disk
|-mmcblk1p1 179:33 0 48M 0 part
|-mmcblk1p2 179:34 0 1M 0 part
|-mmcblk1p3 179:35 0 720M 0 part
|-mmcblk1p4 179:36 0 48M 0 part
|-mmcblk1p5 179:37 0 1M 0 part
|-mmcblk1p6 179:38 0 720M 0 part
|-mmcblk1p7 179:39 0 300M 0 part
|-mmcblk1p8 179:40 0 650M 0 part
|-mmcblk1p9 179:41 0 1M 0 part
|-mmcblk1p10 179:42 0 1M 0 part
`-mmcblk1p11 179:43 0 1.3G 0 part
mmcblk1boot0 179:64 0 2M 0 disk
mmcblk1boot1 179:96 0 2M 0 disk
mmcblk1rpmb 179:128 0 512K 0 disk
root@CP1550:/#

I'll post some pics of the tear down shortly.

Highlighted

@G_W_Albrecht I noticed NAT templates are enabled on your 1550. Was it like that by default or you activated it explicitly ?

0 Kudos
Highlighted
Sapphire

I do not think i did enable it myself - but it has been a while now i since did my explorations 😉

Highlighted
Sapphire

A final stage of testing was changing from SMP managed to centrally managed (and back and forth...) - now it is centrally managed, the acceleration settings are default and fwaccel stat shows: 
+-----------------------------------------------------------------------------+
|Id|Name |Status |Interfaces |Features |
+-----------------------------------------------------------------------------+
|0 |SND |enabled |WAN,LAN1,wlan0 |Acceleration,Cryptography |
| | | | |Crypto: Tunnel,UDPEncap,MD5, |
| | | | |SHA1,NULL,3DES,DES,CAST, |
| | | | |CAST-40,AES-128,AES-256,ESP, |
| | | | |LinkSelection,DynamicVPN, |
| | | | |NatTraversal,AES-XCBC,SHA256 |
+-----------------------------------------------------------------------------+

Accept Templates : enabled
Drop Templates : disabled
NAT Templates : enabled

So it seems Accept and NAT Templates are on by default.

0 Kudos
Highlighted

Nice. But I wonder if Drop templates can be enabled ?

0 Kudos
Highlighted

NAT Templates are enabled by default starting in R80.20, regardless of fresh install or upgrade.

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos