Support Center > Search Results > SecureKnowledge Details
Falcon Acceleration Cards for 5000, 6000, 15000 and 23000 Appliances Technical Level
Solution

Table of Contents

  • Introduction
  • Performance
  • Compatibility
  • Installation
  • Known Limitations
  • Documentation


Introduction to Falcon Acceleration Cards

The Check Point Falcon Acceleration Cards provide a high performance, low-latency, flexible and scalable solution for Check Point 5900, 6800, 15000, and 23000 appliances.

Falcon Acceleration Card is a dedicated network I/O card solution with an integrated Network Processor, which supports multiple connectivity options at 10 GbE (CPAC-Falcon-10G-B) and 40 GbE (CPAC-Falcon-40G-B).

The Check Point Falcon Acceleration Cards provide:

  • For HTTPS Inspection acceleration - increase in the throughput by utilizing the dedicated hardware engines on the acceleration cards. 
  • For Threat Prevention - increase in the throughput by implementing Deep Inspection in the acceleration cards hardware. This applies to Threat Prevention with SandBlast Zero Day protections and to NGFW. 
  • For Firewall-only acceleration - increase in the throughput for Firewall-only traffic, low traffic latency, session rate improvement. 
  • VSX and QoS support.


Falcon Acceleration Cards available for Security Appliances

Name SKU Compatible appliances Connectivity List Price
Falcon 10G Acceleration Cards CPAC-FALCON-10G-B 6800, 5900 - 23800 4x 10 GbE fiber $20,000
Falcon 40G Acceleration Cards CPAC-FALCON-40G-B 6800, 5900 - 23800 2x 40 GbE fiber $20,000

For the list of supported transceivers, refer to Falcon Acceleration Cards Release Notes

 

Performance

Falcon Performance - with SSL Inspection disabled

AC Number \ Model 5900 6800 15400 15600 23500 23800
1x AC 40% 15% 40% 5% 20% 0%
2x AC 70% 70% 95% 45% 60% 20%
3x AC     165% 70% 95% 40%
4x AC         130% 70%
5x AC         155% 80%
  • Tested on Threat Prevention with enterprise testing conditions
  • Numbers indicate performance improvement over system with no Falcon cards installed
  • Results for 23900 appliance will be published during Q3 2019


Falcon Performance - with SSL Inspection enabled

AC Number \ Model 5900 6800 15400 15600 23500 23800
1x AC 20% 30% 35% 25% 0% 0%
2x AC 100% 60% 95% 65% 30% 0%
3x AC     105% 95% 50% 15%
4x AC         75% 45%
5x AC         100% 75%
  • Tested on Threat Prevention with enterprise testing conditions (90% HTTPS)
  • Numbers indicate performance improvement over system with no Falcon cards installed
  • Results for 23900 appliance will be published during Q3 2019

 

Compatibility

Model Supported cards
5900, 6800 up to 2
15000 up to 3
23000 up to 5

Note: 5100-5800 and 6500 appliances do not support 10 GbE and 40 GbE Acceleration Cards.

The following configurations will not benefit from the new Falcon Acceleration Card:

  • Security Gateway configured as Proxy - proxy connections will not be accelerated by Falcon Acceleration Card.

  • Application limit rules - connections with possible match of Unified Policy (UP) limit will not be accelerated by Falcon Acceleration Card.

 

Installation

  • For customers without Acceleration Card installed   Show / Hide

    1. Contact Acceleration-Installation@checkpoint.com to obtain the Falcon Acceleration Cards Hotfix and the appropriate R80.20 Jumbo HFA Take
    2. Download and install Check Point R80.20 GA Take 101
    3. Load configuration and configure the policy
    4. Install the R80.20 Jumbo HFA Take obtained in step 1
    5. Reboot the appliance
    6. Install the Acceleration Card Hotfix obtained in step 1
    7. Install the Acceleration Card
    8. Load the configuration and define the policy
  • For customers with Acceleration Card Hotfix installed    Show / Hide

    1. Contact Acceleration-Installation@checkpoint.com to obtain the Falcon Acceleration Cards Hotfix and the appropriate R80.20 Jumbo HFA Take
    2. Perform failover to make the deice a Standby member
    3. Remove the Acceleration Card Hotfix via WebUI
    4. Install the R80.20 Jumbo HFA Take obtained in step 1
    5. Reboot the appliance
    6. Install the Acceleration Card Hotfix obtained in step 1
    7. Reboot the appliance


Known Limitations

ID Symptoms
PMTR-24413 PXE installation on a Host appliance is not supported through a Falcon Acceleration Card interface (because BIOS cannot contain the necessary driver for the Acceleration Card). 
PMTR-5624 The LED on the Acceleration Card port does not reflect the speed of downstream link when the breakout cable is configured and used. 
PMTR-14371 Gaia OS assigns names to the Acceleration Card ports in a non-sequential way (for example, eth2-01 and eth2-05 instead of eth2-01 and eth2-02).
  • This is by design to allow for expansion of both single ports on the Acceleration Card into four interfaces when an optional breakout cable is configured and used. 
PMTR-24961,
TP-2033
The Falcon Acceleration Cards Falcon-10G do not support the auto-negotiation of the link speed and duplex.
You can only configure link speeds 10 Gbps / Full Duplex or 1000 Mbps / Full Duplex.
PMTR-26742 VRRP VMAC mode is not supported on the Falcon Acceleration Card interfaces. 
PMTR-20257 In some scenarios, Security Gateway appliance with the installed Falcon Acceleration Card(s) may drop very large fragmented packets, whose size after their reassembly exceeds 15320 bytes.
PMTR-972 In the output of 'ifconfig' and 'ipsctl' commands, certain hardware error counters for interface statistics can be incremented erroneously due to transceiver / link events on the Acceleration Card ports (such as taking an interface up/down, cable connect/disconnect, and line speed change).


Documentation

Administration Guides
R80.20 Falcon Acceleration Cards Release Notes
R80.20 Performance Tuning Administration Guide    
R80.20 Falcon Acceleration Cards Administration Guide 
R80.20 Falcon Acceleration Cards Getting Started Guide
Related Solutions
sk153392 - AC diagnostics - accelerated traffic view
sk149453 - Falcon Acceleration Cards (AC) FAQ
sk149312 - SNMP statistics for Falcon Acceleration Cards

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment