1. Crossbeam Systems Paolo Della Pietra Product Manager e-Security COMPUTERLINKS pdp@computerlinks.it

2. Crossbeam Systems

3. Corporate Overview RAPIDLY GAINING MARKET SHARE
LEADING IT VENDOR WORLDWIDE
TOP 5 NEWS SITE
TOP GERMAN TRAVEL NETWORK
LEADER IN COMPUTER SECURITY RESEARCH
TOP 10 BANK CARD ISSUER
TOP 3 RBOC
TOP 3 MEDICAL INSTRUMENT
TOP EUROPEAN MORTGAGE LENDER
TOP CHINESE MANUFACTURER
RAPIDLY GAINING MARKET SHARE
Enterprise, Service Provider
GLOBAL PRESENCE
North America, EMEA, Asia Pacific
10 regional offices
Worldwide support organization
PRIVATE COMPANY
Founded March, 2000
Headquarters in Concord, Massachusetts
President and CEO: Peter George

4. Securing Blue Chip Networks

5. The Data Center Before Crossbeam
Internet
Routers
LAN switches
Load-balancers
Firewalls
Intranet

6. The Data Center Before Crossbeam with the different security applications
Internet
“Complexity is the enemy of security.”
Bruce Schneier, noted security expert
Routers
LAN switches
Load-balancers
Firewalls
Intranet
IDS
Content filering
Anti-virus

7. Data Center after Crossbeam
Firewall
VPN
Intrusion Detection
Anti-Virus
URL Filtering
More to come…
Applications
Internet
Routers
Runs multiple best-in-breed security applications concurrently
At multi-gigabit throughputs
And “five nines” availability
Features
Less equipment to buy
Less equipment to manage
Simpler data center topology
Easier adds, moves, changes
Lower capital and operating expense
Benefits
Intranet

8. Crossbeam X-Series
Scales application performance up to Gigabits per second
Scales application availability up to “five nines” (99.999%)
Runs multiple network security applications concurrently
Multi-Gigabit
Flow Classification
& Distribution
Scaleable
Multi-Processing
Integrated
Control
The first product developed on Crossbeam’s X-Series platform is the X40, a high
performance “security services switch.” The X40 is a high performance, high
availability, easy-to-manage security services switch designed to secure large and
medium-sized data centers. The system decouples network and security service
processing to allow customers to effectively ride price/performance and
innovation curves within each technology independently. The system offers huge
consolidation of security equipment while preserving security policies with the
end result a safer and simpler network.
The X40 is a modular chassis architecture consisting of 14 slots in a 14 RU
carrier-class enclosure. In the system, 2 slots are reserved for Network Processing
Modules (NPMs) – which can support Gigabit (LX and SX fiber), 10/100 Copper,
and VLAN tagged interfaces. The NPMs are designed with highly intelligent
network processing silicon which perform “deep packet inspection” and classifies
packets into flows that are switched through the system through a set of branded
security engines. The flow switching mechanism is based on Crossbeam’s patentpending
load distribution algorithm and Flow Sequencing technology. Together,
these technologies give the user the ultimate power and control to design a
security infrastructure that matches their business processes and security
policies.
10 slots are reserved for the system Application Processing Modules (APMs). The
APMs are designed to run the branded security engines that are applied to the
flows that are switched through the system. These branded security engines
include: Check Point Firewall-1, Check Point VPN-1, Check Point VSX (virtual
firewalls), Enterasys Dragon Network Intrusion Detection Sensor, ISS RealSecure
Intrusion Detection, SNORT Intrusion Detection, Trend Micro InterScan
VirusWall Anti-virus, F-Secure Anti-virus, and Websense Employee Internet
Content Management. Crossbeam works with leading best of breed security
vendors to incorporate their technologies into the system, thereby continually
expanding the user’s choice for these branded security engines. With
Crossbeam’s Flow Sequencing technology, users can easily configure the exact
sequence in which these branded security engines are applied to flows entering or
exiting the system. This configurability includes the ability to serialize and to
parallelize application processing, resulting in the ultimate control to match any
business’s processes and security infrastructure policy.
The patent-pending architecture also delivers the industry’s first system capable
of either single-box or dual-box High Availability. Single box High Availability
(SBHA) includes redundant data switching fabrics (2), redundant control
switching fabrics (2), redundant control processors with mirrored hard drives
(2), redundant network processors with port-by-port stateful failover (2),
redundant stateful application module failover (from 1 to 10), standby application
modules (from 1 to 10), redundant power supplies with separate power feeds (up
to 4), and much more. The X40’s carrier-class architecture was designed and
built by the same team that built the frame relay switches at the core of MCI’s
Hyperstream global data network. Unlike Telco products, however, the X40
achieves its high capacity capabilities at prices equivalent to existing enterprise
firewall solutions.
The X40 combines the flexibility of servers with the performance, reliability and
simplicity of appliances in a single device. Simple to install, integrate and
operate, the X40 today delivers FW-1, Check Point’s best-of-breed firewall
application, at speeds up to 10 times faster than any competing products. It
dramatically improves security while reducing the volume and complexity of
firewall infrastructure equipment. While a typical high-performance firewall
infrastructure requires 10 devices and 26 ports, a typical Crossbeam
implementation requires just two X40 appliances and four ports, all the while
significantly enhancing firewall performance and scalability.
With enterprises and service providers under unprecedented pressure to improve
security, the Crossbeam X40 is of critical importance across multiple industries,
including financial services, Internet exchange carriers, transportation, retail and
manufacturing. By enabling 10X faster firewall performance, the Crossbeam X40
delivers the significant price/performance improvements that these
organizations need today.
The X40 is the only platform that allows real integration of multiple applications
such as firewall, intrusion detection, anti-virus, content checking, URL filtering,
authentication, and VPN.
Carrier-Class
Architecture
High Availability

9. Network Processor Modules (NPMs)
(switch and Load Balancer)
GigE and 10/100
Intelligent load balancing to APMs
High performance, Network Processor and RISC based design
Interface redundancy
Crossbeam Systems has a patent pending architecture that integrates the network
with the application in a way that provides high scaling, high availability and lots
of flexibility. Figure 3 shows the four main components and how network traffic
comes into the box and is processed by blades that actually run the applications
right inside the box.
There are four major components in the box and the following sections will detail
each one:
Traffic comes in on the Network Processing Modules or NPMs. The NPMs
distribute and load balance the traffic to the Application Processing Modules,
or APMs.
The APMs actually run the various best-of-breed security applications like
firewall, anti-virus, URL filtering or intrusion detection systems. They can run
one or multiple applications and even combine them into groups that act as
one virtual application or group of applications.
The whole system is managed on an out-of-band network by the Control
Processing Modules. These perform functions like analyzing the health of the
system and its components, sending log traffic off-box to syslog and other
servers, and providing High Availability functions.
The backplane is passive and serves to interconnect all the modules. The box
uses a carrier-class switching fabric that consists of dual redundant switched
data paths that provide two 1.6G links to each APM from the NPMs for a total
per-blade throughput of 3.2Gbps. There are also redundant switched control
paths that provide a total of 200Mbps of management throughput to each
APM and the NPMs.
The NPM embeds high speed Generic purpose CPU (MIPS) and Network
Processors that allow wire-speed forwarding of the traffic with very advanced
classification and load balancing functions. There are today two versions of NPM:
a dual Gigabit Ethernet or an octal 10/100BT with a Gigabit Ethernet por
When the traffic comes in the NPM from the un-trusted network, it is classified
based on different criteria, src/dst IP address, src/dst udp/tcp port, protocol Id
or VLAN id. Based on this classification the traffic will be load balanced on the
APMs in a same group or will be forwarded to a specific virtual application
processor. The NPMs use an intelligent scheduling algorithm based on vital signs
coming from the APMs such as CPU usage, memory usage, number of flows,
traffic counters, etc. This intimate knowledge of the APM utilization allows for
truly effective load distribution across all application processors.

10. Application Processor Modules (APMs)
Linux-on-Intel based processor blades
1-2 Pentium III CPUs at 1.26 GHz
Up to 4 GB DRAM per blade
High performance board design
Up to 10 APMs per X40 chassis
Network security applications run on the APMs
PCI bus for HW accelerator or other Ifs
Local disk
The APMs run a hardened version of the Linux OS on Pentium based CPU(s). The
APM comes in a mono or dual Pentium CPU configuration with up to 4GB of
memory. The chassis allows up to 10 APMs to achieve the highest throughput for
multi security applications.
The APM is fully hot-swappable: in case of hot-swap the new module will come
up with the exact same configuration as the previous module. This mode
generates huge cost savings in terms of operation of the network.
The APM allows the integration of PMC (PCI Mezzanine Card) compatible card.
Crossbeam Systems has developed a VPN accelerator (ACE-S2) module to
forward multiple Gigabit/second of encrypted/decrypted traffic. Optionally, the
user can opt to have an IDE-based hard drive on the APM. The hard drive allows
for the APM to run certain application such as anti-virus engines or IDS engines
that require local temporary “scratch” storage.

11. Application Areas Firewall and Virtual Private Networking
Firewall-1 (4.1, NG, VSX, GX)
VPN-1
Intrusion Detection & Prevention
Dragon
Snort (Opensource and SourceFire)
ISS
Anti-Virus
Trend Micro
Aladdin
URL Filtering
Websense / (W-Washer)
Distributed Denial of Service
Captus
Authentication
RSA SecurId
Log Events Correlation
Micromuse Omnicool
Net Forensics
Arc Sight
SSL-VPN
Permeo

12. Control Processor Module (CPMs)
Control Processor Modules (CPMs)
PIII 1GHz, 256MB memory
Management network interfaces
System management, monitoring and control software
High Availability system features
RAID-1 mirrored hard disks
Active/standby operation
Two CPMs can be inserted in the chassis. The CPMs control the initialization of
the chassis and provide different interfaces for out-of-band management, syslog,
control bus extension, console and modem ports. In the redundant configuration
the second CPM is a live backup to the primary CPM. All executable files and
configuration databases are mirrored between the primary and backup CPMs. If a
failure of the primary CPM occurs, the management of the X40 system is
switched over to the backup CPM without any effect to the user traffic passing
through the X40.
10/100 port
Out of band Management port
Gigabit Ethernet Syslog port
100 port HA Link
Serial/Modem port

13. Backplane
The backplane allows a 40+ Gbps of data traffic allowing evolution of the
scalability of the chassis as we increase the power of the APMs or NPMs. Each
NPM has a 1.6Gbps full duplex point to point connection to all APMs, CPMs and
the 2nd NPM. Each APM can receive up to 3.2Gbps of traffic. The signaling
information (heart beat, health poll, flow states, etc…) goes through a dedicated
control path that consists of two Fast Ethernet switch. Each module is connected
to those two switches.

14. Internal Architecture – Data Plane
1-10 APMs
Redundant, non-blocking switch fabrics
1.6 Gb/s link speed
3.2 Gb/s data plane bandwidth available to each APM
40+ Gb/s (full duplex) data plane capacity
Switch based, carrier-class internal architecture
NPMs
CPMs

15. Internal Architecture – Control Plane
1-10 APMs
Redundant Fast Ethernet control bus
Two control path switches
One on each CPM
100M each
NPMs
CPMs

16. Architecture Overview
APM
Application Processor
Module
VPN FW
URL
IDS
Applications
VPN
URL
IDS FW
Internet
NPM
Network Processor Module
Switch and
Load balancer
CPM
Control Processor Module
OA&M

17. Load Balancing Modules report their health to CPM
Ingress Classification:
src/dst IP, src/dst udp/tcp port, protocol ID, VLAN id 1 4 FW 2 3 6 5
IDS
Scheduling Vector to NPM 1 4 2 3 6 5

18. Running the Applications

19. Application Modules Management
System Manager defines groups of virtual appliances
Applications are load balanced per group
Virtual appliances are “mapped” onto physical APMs
In case of failure, a simple hot-swap is enough
Huge operational savings
Standby Modules
IDS
Firewall
IDS / AV
Triple scanned
Service Selection
Applications flow
Several scenarios are possible to enable the traffic to flow through multiple
applications.
The flow can be serialized through applications such as Checkpoint Firewall-1
and Websense Enterprise URL filtering. In this case the traffic goes to the firewall
application that detects HTTP protocol, forwards the packet information to the
Websense Enterprise application that informs Firewall-1 to forward or drop the
packets.
The flow can also be parallelized in the case of a Firewall-1 and IDS application
like Dragon. In this scenario, the packet will be multicast to both applications.

20. Serialization Example
X40S
NPM
Applications
Active DDoS,
Firewall,
Anti-Virus
DDoS
Active DDoS
Check Point
Firewall-1
Firewall
Trend Micro
InterScan VirusWall
Anti-Virus
NPM

21. Parallelization Example
Applications
X40S
NPM
Firewall,
Passive IDS
Check Point
Firewall-1
Active
Passive
IDS
NPM

22. Serialization AND Parallelization
X40S
NPM
Applications
Firewall,
Passive IDS,
Anti-Virus
Check Point
Firewall-1
Firewall
Passive IDS
IDS
Trend Micro
InterScan VirusWall
Anti-Virus
NPM

23. Trend Micro InterScan VirusWall (TM ISVW), Traffic Splitting
FTP Traffic
HTTP Traffic
Crossbeam X40S
NPM
SMTP Traffic
When customers experience real performance issues on some critical “real-time”
applications, the unique architecture of the X40 allows the system to load balance
the traffic on multiple VAP groups based on wire speed classification. In the
example shown in Figure 14, four blades have been allocated to the HTTP traffic
that from the users’ perspective has more real-time constraints than a FTP or
SMTP traffic.
Separate VAP groups for HTTP, FTP, SMTP traffic
VAP groups can be sized independently based on throughput requirements of each traffic type
Can apply more processing power to interactive traffic types like HTTP, FTP

24. X-Stream Flow SequencingAV FW
URL
IDS
IDS
INBOUND OUTBOUND PARALLELIZED X-STREAM SEQUENCER

25. High Availability

26. Single Box HA Hardware Element Redundancy
1:1 Redundant CPM with mirrored hard drives
1:1 Redundant Fan Trays
Redundant Backplanes:
1:1 Redundant Control Plane
1:1 Redundant Data Plane
1:N Redundant Power Supplies with individual feeds

27. Single Box HA Interface redundancy (NPMs)
Master and backup ports can belong to different NPMs
Failed IP interfaces are re-mapped onto backup port
Optionally backup port assumes MAC address of failed port
In addition to its own MAC
Gratuitous ARP sent to update L2 switches tables
Ports can be active/standby or active/active
Multiple IP and MAC addresses
Intranet
1/1
2/1
Router
NPM redundancy
In a single box high availability scenario multiple L2 or L3 switches can be dual
homed back into 2 different (or same) NPMs. Then if any failures of switches,
links, modules occur, the traffic will be instantaneously switched over to a backup
module/port. The backup port instantiates immediately all the IP circuits that
were defined on the failed master port.
NPM1
NPM2

28. Single Box HA CPM redundancy
CPM provide physical resources, data, and services to other modules
Continuous operation of the box in the presence of CP failures
CP redundancy implemented as an “Active/Standby” or “Primary/Secondary” scheme
CPM redundancy
The Control Processor Module is the central point of the boot system, controls
the health of the chassis, provides all the system services (SNMP, Web, Telnet,
FTP, SSH) through the out-of-band management port, manages the syslog
information using the log port and allows the continuation of the control
backplane using the HA link.
A partition of the disk is mirrored between the primary and secondary CPM. The
CPM redundancy works in Active/Standby mode. When the primary CPM fails,
the backup CPM will take over all the control and management functions. The
forwarding of traffic through the APMs continues during this failover.
CPM
CPM

29. Single Box HA Service Availability
APMs
Service remains available
Flows fail over backup VAP
Very fast failover
The architecture provides a Single-box HA solution for full Active-Active
protection at the best possible price. Elements of this HA include:
Dual redundant data path switch fabric
Dual redundant control path switch fabric
Up to 4 power supplies (2 standard) on separate power feeds and internal
power buses
Active : Active Redundant NPMs
Active : Standby Redundant CPMs with mirrored hard drives
VAP groups for clustered FW-1 + VPN-1 gateway engines with full stateful
failover
VAP prioritization (configurable) so that specific VAPs can be dynamically
pre-empted to run as higher priority services in the case of a service or VAP
failure.
In case of failure of an APM different scenarios are possible:
1. Traffic will be load balanced over the left modules of the VAP group
(Figure 17.a).
2. Traffic will be backed up on a specific VAP. By using simultaneous fw-1
state synchronization, this mode guarantees an ultra fast, with no packet
loss failover (Figure 17.b).
3. Standby VAP: When multiple VAP groups have been configured in the
chassis, the standby VAP is a cost effective solution that allows any failed
VAP regardless of the group utilize the standby VAP.
In the standby VAP scenario, multiple blades can fail and the X40 recovers with
no human intervention except hot swapping the failed blades. This demonstrates
the world’s only service pre-emption capability. In the example shown below, the
firewall service has been given a cost that is more important than the IDS service.
This means if the high priority service can’t get the resources it is supposed to
have, it can force a blade running with lower priority to relinquish its services.

30. Single Box HA Standby APMs, preemption modeFW
IDS
Standby VAP

31. Dual box redundancy Main Site A Main Site B SP Core Network
HA link
SP Core Network
Branch Office

32. Dual box redundancy Concept
Intranet
/24
Interfaces within the same L2 network have the same IP address on both X40s
Only one is active at a time
VRRP is run over HA link
If interface on the master X40 fails, the other box’s interface takes over
X40a
VRRP master
X40b
VRRP backup
HA Link
Very often large customers implement a disaster recovery site several kilometers
away from the main site, to provide carrier-class 5x9s (or 99,999) service level
agreement. Usually high speed fiber interconnects both sites. In most of the cases
the network implements an active/standby architecture where the secondary site
backs up the primary. With the X40 network administrators can implement an
automatic failover dual box scenario as active/standby or active/active scenarios
as described by the example below.
VRRP Sync state sent across HA Link
Active flow state are synchronized

33. The X80 Up to 32 GE Ports Up to 64 FE Ports
Up to 8 Gbps FD Firewall Throughput
All of the Features/Benefits of XOS
Works as either X40 or X80

34. The X45
X45-AC
New 7-slot chassis – smaller form factor for Enterprise customers and smaller service provider installations
Same features/benefits of X40
All of the same modules
Supports the following NPM:APM:CPM
2 : 3 : 2
1 : 5 : 1
1 : 4 : 2
2 : 4 : 1

35. Product Overview C - Series

36. 1 or 2 Pentium III processors 2 Fiber/Copper GigE Ports
C30 Quick Facts
1 or 2 Pentium III processors
256MB~2GB of memory
Hardened Linux OS
16 10/100 Ethernet Ports
2 Fiber/Copper GigE Ports
Craft Port
The C30 is a 2U rackable or table top mountable device. It consists of the following components:
• 16 10/100 Ethernet and 2 fiber/copper Gigabit Ethernet interfaces.
• Network Interface Module (NIM) powered by a high speed network processor with 512MB of memory.
• Host Module
The Host module is a best-in-class Intel® high-density motherboard specifically designed to deliver outstanding reliability for security and VPN applications. The Host module has ample expansion:
• 2 seats for CPUs (1 Pentium III 1.26GHz included in base system)
• 6 slots for memory modules (2x256 MB included in base system)
• 5 PCI slots on two 4 Gbps buses (64-bit x 66MHz) for adding acceleration cards (specific cards to be certified by Crossbeam)
• 2 out-of-band 10/100 Ethernet management ports for remote management and synchronization between two C30s
• USB ports for external HD or other storage devices (specific devices to be certified by Crossbeam)
• VPN acceleration module (optional)
• High speed backplane between the NIM and the Host module
• 40GB high speed disk enhanced IDE (ultra ATA at 7200 rpm)
• Serial port (RS232)
• 2 redundant hot-swappable power supplies
• 3 fans
5 PCI expansion slots
2 Redundant
Power Supplies

37. C30 X-Stream Technology Application-intensive: Network-intensive:
FW flow processing
Traffic mirroring, aggregation
Application-intensive:
FW policy lookup/update
IDS, Anti-Virus/SPAM scanning
X-Stream Firewall acceleration using the Check Point SecureXL API
The C30 enables extensive segmentation of the network using either physical ports or VLAN logical interfaces. When a packet enters the chassis it is classified at wire speed by X-Stream running on the network processor. X-Stream then executes one of two actions: 1) sends it to the firewall module because there is a flow state change or 2) switches it out an egress interface if it matches an existing firewall security rule or rules. The performance achieved is above 2Gbps of firewalled traffic.
X-STREAM SECURE FLOW PROCESSING TECHNOLOGY
The network processor implemented in the NIM allows high speed flow management and acceleration and provides high flexibility for new security best-in-class applications.
The C10 uses software-based X-Stream mechanisms to run multiple applications with high scalability. It also implements the “virtual Tap” function for multi-segment monitoring.
X-Stream is the key Crossbeam intellectual property that enables high performance and multi-function integration. Two key portions of X-Stream are implemented in the C-Series:
Figure 5: X-Stream Secure Flow Processing Technology on the C30
X-Stream Multi-port traffic aggregation via internal Tap to one IDS sensor
Simultaneously with the acceleration decision, X-Stream on the network processor can forward all the traffic on one or multiple physical ports to a virtual tap interface on the application module. The IDS/IDP application running on the application module receives the traffic through the tap interface as it aggregates mirrored traffic from multiple physical ports. This model not only removes the burden of deploying fiber taps or configuring switches to mirror the traffic on a spam port, but it also provides a unique approach for cost reduction by using 1 application license to monitor up to 18 segments.
X-Stream Multi-port traffic aggregation via internal Tap to one IDS sensor Simultaneously with the acceleration decision, X-Stream on the network processor can forward all the traffic on one or multiple physical ports to a virtual tap interface on the application module. The IDS/IDP application running on the application module receives the traffic through the tap interface as it aggregates mirrored traffic from multiple physical ports. This model not only removes the burden of deploying fiber taps or configuring switches to mirror the traffic on a spam port, but it also provides a unique approach for cost reduction by using 1 application license to monitor up to 18 segments.

38. C30 Specifications Security Engines (running simultaneously):
Check Point FW-1/VPN-1 NG (2 Gbps FW, 300 Mbps VPN)
ISS RealSecure, Enterasys Dragon or Snort IDS Sensor (max 700 Mbps)
Trend Micro InterScan VirusWall and eManager
Interfaces
16 10/100, 2 GE fiber/copper, VLAN
Redundancy
Dual-box high availability, VRRP, firewall sync, 2 power supplies
Safe upgrade and rollback
High Capacity
1 GB of RAM, Network Processor, Pentium III CPU, 40 GB HD

39. C30 Redundancy Dual-box High Availability:
Management port for application synchronization (firewall)
VRRP for interface redundancy
Single-box Reliability:
2 hot-swappable, dual-feed power supplies
High reliability Intel motherboard as Application Host
USB port for external backup storage
VRRP for interface failover
10/100 Management ports in the back for application synchronization
Company Confidential

40. The C10 Security Services Switch
High Port Density
Branch / Remote Offices
Up to 6 GE Copper or 2 GE Fiber
Integrated Multi-Application
FW/VPN + IDS
FW/VPN + AV
Best-in-class Security Services
Check Point, ISS, SecureComputing, Aladdin, Trend Micro, Websense
X-Stream™ Secure Flow Processing
2 Gbps* (FW-1)
VirtualTap for pre and post FW IDS processing
Expandable
Optional PCI Expansion (VPN Card)
The C10 From Crossbeam is part of the C-Series of Security Services Switches.
Target Market
Specifically the C10 is designed to meet the needs of small to medium enterprises or remote/branch offices of large enterprises and for small/medium businesses.
Positioning
The C10 combines multiple best-in-class applications for complete protection with six 10/100/1000 Mbps copper interfaces (on the C10-6C) or two 1000 Mbps fiber interfaces (on the C10-2C*). Availability of the C10-2C is still TBD.
COS and Applications
The C10 will ship with the C-Series Operating System (COS) version and the Application Development Framework (ADF) version ADF contains the following Security Solution partner applications that have been tested specifically with the C10:
• Check Point FireWall-1 NG Feature Pack 3 (with Performance Pack
and Policy Server RPMs) and VPN-1.
• Check Point FireWall-1 NG AI R55.
• Internet Security Systems RealSecure Network Version 7.0.
• Secure Computing SmartFilter
• Aladdin eSafe (CVP) Version 4.0.
In addition, the following applications are also available with ADF These applications are verified by Crossbeam SQA but we do not provide specific performance testing data or detailed testing.
• Enterasys Dragon IDS Software (Dragon) Version
• Trend Micro Anti-Virus VirusWall Version 3.8, eManager 3.7, and
IMSS Version 5.1.
• Websense Enterprise URL Filtering (OPSEC certified) Version
• Squid Web Proxy Cache Software Version 2.5.
• Snort
X-Stream
VirtualTap feature allows customers to create logical “tap” interfaces to pipe flows to an IDS application at the same time flows are being sent to the firewall.
The Firewall Acceleration Module (FAM) is software that is used to accelerate firewall flows using Check Point’s SecureXL API. The FAM will not be supported in COS but will be added in a future software release.
The C-Series VPN Acceleration Engine (CS-ACE-S1) is available as an add-on module for higher throughput VPN performance (estimated performance ~ 300 Mbps 3DES).
Models
C10-6C
6 Copper 10/100/1000 (RJ-45)
+ 1 Mgmt Port
C10-2F**
2 Fiber 1000 (SX) + 1 Mgmt Port

41. Number of Applications
C-Series Overview
C30
Larger Remote Offices / Small Data Center
FW Perf: 2-3 Gbps
16 10/100 Mbps –PLUS Mbps Fiber
3-4 Apps (based on throughput req’s)
Hardware-based X-Stream™
C10
Branch/Remote Offices or SMB
FW Perf: 2 Gbps*
6 10/100/1000 Mbps -OR Mbps Fiber
FW/VPN + IDS –OR- FW/VPN + AV
Software-based X-Stream™
Number of Applications
This slide shows the positioning of the C10 and the C30, the two products in the C-Series family.
The C10 is good for smaller branch offices or environments where 2 applications are needed.
The C30 is good for larger offices where
3-4 applications are necessary
High 10/100 port density is required
Redundant Power Supplies are required
While the C10 provides excellent price/performance value for smaller offices, the C30 excels at multi-application deployments due to the hardware-based dual stage processing using Network Processors.
$24,000 USD
$9,995 (Copper) USD
$11,995 (Fiber) USD
Price and Port Density

42. Service and Support INDUSTRY’S ONLY ULTRA SUPPORT
Complete solution support including applications – deal only with 1 vendor!
In country specialists
22 support engineers
200 global partners
WORLDCLASS ACCESS
7 x 24 Global Coverage
Toll-free and International Phone Access
Web-based Self-service ticketing and tracking
Searchable Knowledge Base with 100’s of entries

43. Weather Channel Before Crossbeam

44. Weather Channel With Crossbeam

45. The Basic Idea INTEGRATED SECURITY DEFEND ACCELERATE SCALE
ENSURE AVAILABILITY

46. How To Think About Crossbeam
$10
Switches, HA, etc. $4 $5
Others
Crossbeam
$14 $5

47. uestions?