Firewall state table optimization

Discover the Future of Cyber Security:
What’s New in Check Point’s Quantum R82

Pick the Best of the Best of
CheckMates 2024!

Vote Now!

Share your Cyber Security Insights
On-Stage at CPX 2025

Learn More

Simplifying Zero Trust Security
with Infinity Identity!

Watch Now

Zero Trust Implementation
Help us with the Short-Term Roadmap

CheckMates Go:
What's New in R82

LISTEN NOW

How can we achieve below requirement in Checkpoint firewall.

1	State Table
1.1	The solution should be a stateful firewall and must allow granular control of the state table
1.2	On a per-rule basis: a. Limit simultaneous client connections b. Limit states per host c. Limit new connections per second d. Define state timeout e. Define state type
1.3	State types - the solution shall offer multiple options for state handling: a. Keep state - Works with all protocols. Default for all rules. b. Sloppy state – shall work with all protocols. Less strict state tracking to support asymmetric routing. c. Synproxy state - Proxies incoming TCP connections to protect servers from spoofed TCP SYN floods. Must include the option to keep state and modulate state combined.
1.4	State table optimization options – at minimum table optimization shall have the options to: a. Normal - the default algorithm b. High latency - Useful for high latency links, such as satellite connections. Expires idle connections later than normal. c. Aggressive - Expires idle connections more quickly. More efficient use of hardware resources, but can drop legitimate connections. d. Conservative - Tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization