Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HristoGrigorov

SMB roadmap for 2019-2020

SMB Security - Unique Challenges & Effective Approaches

I mostly like the refreshed promise to release R80.xx during 2019. Also Content Awareness and Threat Extraction are coming with it. And finally Geo Policy protection shall appear in 2020. Other whistles and bells too.

Technically speaking 14xx appliances are no longer considered SMB. They were moved to their own segment together with 32xx ones. Software will probably remain Gaia Embedded so I believe the SMB roadmap applies to them as well.

Share your thoughts, expectations, etc...

0 Kudos
9 Replies
G_W_Albrecht
Legend Legend
Legend

Did you speak with R & D or with marketing ? If, technically speaking, 14xx flash-based centrally managed appliances are no longer considered SMB, what about the 7x0 with identical hardware ? Else it would only leave the old ones in the SMB corner: The 600/1100/1200R appliances that will continue to be supported with important bug and security fixes, but no firmware containing new features.

Also, R80.xx for 14x0 is not that essential, but GAiA instead of GAiA Embedded could make a big difference (but how to run it on that hardware is the question). But you are talking about Content Awareness, Threat Extraction and finally Geo Policy. CA and TE (especially TE, i think) are valuable SW Blades, but on 14x0, there will be big competition for ressources, adding to the current blades. Geo Policy is a feature i do not understand as it always reminds me of a high degree of persecution mania Smiley Happy

Looking at the price difference between a 4600 and a 1430, it would be phantastic to get everything possible on the 4600 also on the 1430, but i do not believe at at all...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
HristoGrigorov

Check the presentation that is in the beginning of my post, it is all there about the planned features. Also notice that 14xx is not mentioned there at all.

And this is from the CheckPoint web site:

There seems SMB is now split into SB and BO appliances. Purely for marketing reasons? I think even if we get all these TP blades there will be limitations and missing features so at the end they will not be exactly the same. May be the basic functionality only.

I hardly believe we will ever see Gaia on this range of devices. What I understood from the presentation is that key note is simplicity and automatic deployment and configuration. If you ask me, migration to R80.xx will be to simplify management and support mostly. May be bring some new techs here and there but nothing extraordinary.

But the fact that CheckPoint is trying to provide more features and rise level of security provided by these devices (which is not an easy task with such limited HW resources) is very much admirable. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I must admit that i did not read the presentation at all, only your remarks Smiley Happy ! I also appreciate that CP is providing more features despite limited HW resources, but this sounds like the old "everything but the kitchen sink" approach. As 14x0 units already today can be managed by R80.xx SMS, migration to R80.xx will mostly rename the firmware version .

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
HristoGrigorov

Btw, I made some tests with one of our 1470 appliances and what seems to be the bottleneck is not the memory but the CPU power. And for 1470 this can be boosted a little bit more by unlocking the 4th core. 

Few weeks ago I opened SR to request procedure and price to unlock that 4th core. Case was closed by TAC with statement that this is not possible. Come on...  I have a solution how to do it myself but don't want to go that route at all. I hope that they make their mind and start allowing it because having that power without any way to use it is just not right!

I mean, 1470 and 1490 are not that bad at all. With externally attached USB disk the disk space problem can also be solved to some extent. But that's another story.

If you look at the marketing propaganda 1490 in many aspects is more powerful than 3100. Smiley Happy

0 Kudos
Tom_Hinoue
Advisor
Advisor

Isn't it the BIOS that is locking the 4th core on 770/1470 appliances?

I think it is an marketing strategy regarding the S1/S2 series for differentiating the products.
As TAC said, it maybe a trade in upgrade if you want to lift to the 1470 to 1490. (since its factory-locked)

In S1 (730/750/1430/1450)  with 2 cores, CoreXL is used for limiting fw worker on 1 core for  730/1430, though the system is operating in 2 cores. If we could do an upgrade an anyway, I think it would be this model (though we can't).

In S2 (770/790/1470/1490), I heard one of the cores are locked in BIOS for 770/1470 so the hardware settings is slightly different.  Please correct me if I'm mistaken...

Btw, can you share us how you think the 1490 is powerful than 3100 in many aspects? (is it cited somewhere?)
As in hardware wise, the 3100 with Intel processors seem more powerful compared to SoC on the SMB boxes.
Well, maybe the maintrain OS could be too much for an Atom processor on 3100 

0 Kudos
HristoGrigorov

Dunno what TAC explains about it but my observations show that the difference is in boot loader. 

From CheckPoint own web site (Branch Office Security Gateways | Check Point Software 😞

Btw, notice I did not said I agree with these numbers Smiley Happy  

Tom_Hinoue
Advisor
Advisor

wow, through these years I was not aware of that difference since I always thought the hardware is the same with the 700 except the 1400 could be centrally managed. Is this what were in the other thread about CoreXL behavior that is making the difference between the 700 and 1400?

0 Kudos
HristoGrigorov

I cannot say about 700 series but 14x0 ones has 4 cores ARM processor and do not under estimate its abilities as in a way it is better than Intel.

But the 4th core on 1470 can be unlocked for sure. If I was CheckPoint I would leave it enabled and just limit fw instances to 3 which will provide same performance but will easy on the other processes such as WebUI interface (will make it supper-dupper fast! Smiley Happy).

I think CoreXL works exactly the same way on both 700 and 14x0 but on later it has more cores enabled and for that more performance. Even more, it probably has the same CPU as 14x0.  Think I read somewhere it does... hmmm

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Locally managed SMBs are crippled very much, and CoreXL only works on 14x0s, although 7x0s have the same CPU. We have to see that the CP solution is not selling hardware, but hw/sw bundles with different price levels.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events