What is SecurityPower?
SecurityPower is a new benchmark that measures the capability and capacity of an appliance to perform multiple advanced security functions (Software Blades - such as IPS, Application Control, Antivirus, URL Filtering and DLP - using real world traffic conditions and a typical security policy. SecurityPower provides an effective metric in evaluating an appliance. It is an analysis of behavior and prediction of future behavior under security attacks and in day-to-day operation.
In the past, appliance selection was based on one criterion - firewall throughput. The security appliance was tested in lab conditions with a simple firewall-only security policy with only one allow-all traffic rule. The results of these tests were a very high throughput number that did little in forecasting on the ability of the appliance to meet customers' security requirements in real world conditions. In essence, it was similar to measuring the power of a car by providing only its maximum speed when driving downhill with one passenger.
In today's world, with the increase in security threats and their sophistication, appliances need to perform advanced security functions under constantly rising traffic volumes. In this new environment, it can be challenging to choose the right appliance to meet your security objectives, performance requirements, and growth expectations.
SecurityPower is measured using real world customer traffic blend, with multiple advanced security functions (such as Intrusion Prevention (IPS), Application Control, Antivirus, DLP) and a security policy which is typically found at customer deployments.
What is the Appliance SecurityPower Capacity?
Each Check Point appliance has a SecurityPower capacity value, as measured by the Check Point performance labs.
How to use SecurityPower Units (SPU)?
The Appliance Selection Tool translates the Environment Definition and Security requirements into the Required SecurityPower value. The Appliance Selection Tool compares the Required SecurityPower against the SecurityPower Capacity offered by Check Point appliances and then recommends which appliances will best meet your needs today and can also serve you well into the future.
What is the Performance Utility and how does it help me?
The Performance Utility measures different performance parameters on your current appliance over a 24-48 hour period. This utility will help you to improve your sizing accuracy. You can use the output of this utility as the required values in the Appliance Selection Tool.
The Performance Utility output provides:
- Effective Maximum Throughput (Mbps) - The maximum throughput measured during the most CPU business minutes. Effective Maximum Throughput normalizes sporadic throughput peaks that happen during the day. It is advised to use the Effective Maximum Throughput and not the Maximum Throughput as the Total Throughput value in the Appliance Selection Tool.
- Internal IPs - The number of internal devices that are protected by this Security Gateway. The number of Internal IPs can be used as an alternative value to the number of Internal Users in the Appliance Selection Tool. It is advised to manually enter the total number of users when a NAT device is installed between the Security Gateway and the protected users.
- Average Connection Size (Mbps) - The measured throughput sent within a typical connection. The Security Gateway can handle more traffic when the Average Connection Size value is higher. The value of Connection Size can be found in the Appliance Selection Tool under Advanced Filters.
Note: Performance Utility is a safe, lightweight script that doesnt impact the Security Gateway.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.