Overview:
Enterprises need data center security to perform at the speed of the network, to enable the transfer of hundreds of terabytes of data in minutes instead of hours, provide low latency for high frequency financial transactions, while scaling on demand to support high growth businesses like online commerce.
Introducing Quantum Lightspeed, the biggest network security revolution in the last decade. Quantum Lightspeed sets the standard in data center firewall security, delivering 20x better security price performance than competing solutions. Quantum Lightspeed hyper-fast firewalls deliver 5 times the security throughput, scales up to 3 Tbps per system (800 Gbps per single gateway), while delivering 3 microseconds of ultra-low latency.
Introducing Lightspeed
Quantum Lightspeed sets the standard in data center firewall security, delivering 20x better security price performance than competing solutions. Quantum Lightspeed hyper-fast firewalls deliver 5 times the security throughput, scales up to 3 Tbps per system (800 Gbps per single gateway), while delivering 3 microseconds of ultra-low latency.
Secure Hi-speed Data Transfers
650 Gbps line-rate in a single firewall
Protect Hi-frequency Trading Apps
3μSec ultra low latency
Support Hyper Growth with Scalable Throughput
Scale up to 3.0 Tbps of firewall performance
Features:
Low Latency, High Throughput Firewall
Quantum QLS650 firewalls are equipped with one NVIDIA ConnectX network interface card (NIC), with 2x 100G QSFP28 ports. NVIDIA ConnectX NICs offload network processing from the host CPUs, providing substantial performance gains of up to 200 Gbps for trusted firewall traffic. In addition firewall latency is significantly reduced, to a low 3μSec at nearly line rate ensuring access to data and higher throughput with minimal delay.
All-inclusive, Resilient Security
Check Point QLS650 firewalls include the Check Point stateful inspection firewall and are also available in all-inclusive security packages such as NGFW (Application Control with IPS), NGTP (NGFW with URL filtering, antivirus and anti-bot) or SandBlast (NGTP with sandboxing and Threat Extraction, a Content Disarm & Reconstruction technology). In addition the QLS650 has redundancy built-in with two SSD drives in a RAID1 array and hot-swappable redundant power supplies, ensuring continuity when one unit fails.
Maestro Hyperscale Lightspeed
Check Point Maestro brings scale, agility and elasticity of the cloud on premise with efficient N+1 clustering based on Check Point HyperSync technology, maximizing the capabilities of Lightspeed firewalls. Create your own virtualized private-cloud premise by stacking multiple Check Point security gateways together. Group them by security feature set, policy or the assets they protect and further virtualize them with virtual systems technology.
When a gateway is added to the system, it gets all the configurations, the policy, even the software version, updated and aligned with the existing deployment, and is ready to go within 6 minutes.
Remote Management and Monitoring
A Lights-Out-Management (LOM) card provides out-of-band remote management to remotely diagnose, start, restart and manage the appliance from a remote location. Also use LOM for remote installs of the GAiA OS.
NVIDIA ConnectX
The eight single-width slots in the QLS650 support three NVIDIA ConnectX dual-width network cards, each with 2x 100G QSFP28 ports, supporting an aggregate throughput of 200G of firewall throughput through each ConnectX. The dual-width cards maximizes the PCIe bandwidth beyond a single slot limit. With the three ConnectX NICs in the QLS650 access to data and higher throughput with minimal delay is ensured for trusted traffic.
Focused, Parallel Processing
For advanced inspection such as IPS that requires pattern matching, connections are distributed to the multiple cores of the QLS650. In a nutshell this is how Check Point delivers a network security architecture that offers true threat prevention, not just threat detection. It does this without delay in one session, scales across multiple sessions, and is agile enough for deployment wherever you need security - on premises and in the cloud.
Lightspeed Security Use Cases:
Any Enterprise with a Data Center, Hybrid Cloud or Distributed Data Centers
Secure High Speed Transfers of Large Data Sets: Networks converge at the data center core and in high speed interconnects between data centers and the hybrid cloud. Businesses routinely transfer large data sets across these networks for data analysis, disaster recovery planning and workload migration.
Quantum Lightspeed 100 gigabit network interfaces enables enterprises to accelerate these transfers of large data sets across data center core and data center interconnects - supporting up to 250, 450, 650 and 800 Gbps of single firewall throughput in the QLS250, QLS450, QLS650 and QLS800 respectively. Add redundancy and scale even higher using the unique Maestro Active-Active load sharing solution where multiple Quantum Lightspeed firewalls scale throughput nearly linearly with each additional firewall added to the cluster.
Banking and Financial Services
Secure Financial Transactions with Micro-second Latency: In the world of finance where trading and cryptocurrency algorithms generate millions of transactions, a fraction of a second makes a huge difference. In some reports 80% of trading on the stock market is done via algorithmic-based automated programs that execute software programs to buy, sell or hold assets.
High frequency trading firms need network security technology that does not introduce latency and satisfies regulatory and compliance security mandates. The Quantum Lightspeed NGFW series enables banking, insurance and investment firms to securely increase transaction capacity for high frequency applications by deploying network security that performs at the speed of business - with low 3μSec latency.
The 100 gigabit QSFP28 network interfaces in the Quantum Lightspeed firewalls comfortably handle initial transfers of large data sets at the start of the trading day. They also support up to 100G elephant flows. These are characterized by a large, continuous flow that stays open and occupies a disproportionate share of the total bandwidth of a network link for a long duration.
Any Enterprise Requiring Investment Security
Support Hyper-growth with Scalable Security Throughput: Some businesses such as ecommerce see wide and seasonal requirements in online traffic. In 2020 all businesses saw a boost in traffic as workers moved to a work from home model. Other scenarios requiring scalable security are business mergers, data center consolidation and migrations to cloud, hybrid cloud and hybrid data center models.
When used in the unique Maestro Hyperscale Network Security solution, enterprises can scale to up to 3 Tbps of firewall throughput. Each additional firewall added to the Maestro Active-Active load sharing cluster, scales throughput nearly linearly. Furthermore customers can group multiple firewalls into Security Groups and move firewalls manually or dynamically as needed from one group to another as needed to meet changes in traffic demands. Security Groups are logical groups of appliances where each Security Group has dedicated internal and external interfaces and may have a different configuration set and policy. The Maestro Orchestrator MHO175 has a total fabric capacity of 3.2 Tbps with 400 nsec port to port latency and supports up to 32x 100GbE or 128x 10GbE network interfaces.
Telco 5G Networks
Support Hyper-growth with Scalable Security Throughput: The demand for improved speeds, low latency, and connecting a larger number of devices has paved the path to 5G, fifth generation digital cellular networks. Telco mobile operator 5G networks are also expected to be widely used for private networks with applications in industrial IoT, enterprise networking, and critical communications. The network topology will be sliced with logical networks riding on top of the core infrastructure and previously unimaginable services will be created. These use cases require the ability for mobile operators to scale security functions with elasticity using Quantum Maestro in order to guarantee service continuity and availability.
Specifications:
Firewall System Performance |
Firewall 1518B UDP (Gbps) |
650 |
Firewall Latency (avg) |
3μSec |
Concurrent Connections |
32M |
Accelerated 100GbE Ports |
6 |
Additional System Performance |
IPS (Gbps) |
52.2 |
NGFW (Gbps)
1 |
51.5 |
NGTP (Gbps)
2 |
30 |
VPN-AES 128 (Gbps)s |
49 |
Virtual Systems (max) |
250 |
Additional Features |
CPU Cores |
2x 36 physical, 72 virtual |
Storage |
2x 960GB SSD RAID1 array |
Redundant Power |
3x AC (DC option) |
Memory (RAM) Default/Max |
192 GB |
LOM |
✓ |
Console Port |
RJ-45 and 1x USB-C |
USB Ports |
✓ |
Network |
Network Ports |
2x 10/100/1000Base-T RJ-45 ports, 8x SFP+ 10G ports, 6x accelerated QSFP28 100G ports |
VLAN Maximums |
1024 single gateway, 4096 with virtual systems |
802.3ad link Aggregation |
✓ |
Deployments |
Layer 2 (transparent), Layer 3 (routing) |
High Availability |
Active-Passive |
Unicast and Multicast Routing |
OSPFv2 and v3, BGP, RIP, PIM-SM, PIM-SSM, PIM-DM, IGMP v2, and v3 |
Policy-based Routing |
✓ |
User-based Policy |
Microsoft AD, LDAP, RADIUS, Cisco pxGrid, Terminal Servers and with 3rd parties via a Web API |
Physical |
Enclosure |
3RU |
Dimensions (W x D x H) |
17.4 x 24 x 5.2 in., (442 x 610 x 132mm) |
Weight |
46.3 lbs. (21 kg) |
Power, Environments |
Dual, Hot-Swappable |
✓ |
Power Input |
AC:(100 to 240VAC, 47-63Hz), DC 40~-72VDC |
Power Supply Rating |
AC 850W, DC 1300W |
Power Consumption (avg/max) |
AC 330W/909W |
Thermal Output (max) |
3101 BTU/hr |
Operating Environment |
Operating (0° to 40°C, humidity 5% to 95%), Storage (-20° to 70°C, humidity 5% to 95% at 60°C) |
Certifications |
Safety/Emissions/Environment |
UL, CB, CE, TUV GS / FCC, CE, VCCI, RCM/C-Tick / RoHS, WEEE, REACH1, ISO14001 |
1Includes Firewall, Application Control and IPS with logging enabled.2. Includes Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti-Bot and SandBlast Zero-Day Protection with logging enabled
All-Inclusive Security:
|
FW |
NGFW |
NGTP |
SNBT |
Firewall |
✓ |
✓ |
✓ |
✓ |
VPN (IPsec) |
✓ |
✓ |
✓ |
✓ |
Content Awareness |
✓ |
✓ |
✓ |
✓ |
Application Control |
|
✓ |
✓ |
✓ |
IPS |
|
✓ |
✓ |
✓ |
URL Filtering |
|
|
✓ |
✓ |
Anti-Bot |
|
|
✓ |
✓ |
Anti-Virus |
|
|
✓ |
✓ |
Anti-Spam |
|
|
✓ |
✓ |
SandBlast Threat Emulation |
|
|
|
✓ |
SandBlast Threat Extraction |
|
|
|
✓ |
Each gateway requires a license for the enabled security feature. Security subscription extensions; NGFW, NGTP and SNBT are available for subsequent years.
Compare:
|
QLS250 |
QLS450 |
QLS650 |
QLS800 |
Firewall 1518B UDP (Gbps) |
250 |
450 |
650 |
796 |
Firewall Latency (avg) |
3μSec |
3μSec |
3μSec |
3μSec |
Concurrent Connections (M) |
32 |
32 |
32 |
32 |
Accelerated 100GbE Ports |
2 |
4 |
6 |
8 |
Additional System Performance |
IPS Throughput (Gbps) |
35 |
43 |
52.2 |
52.2 |
NGFW Throughput (Gbps)
1 |
27 |
40.5 |
51.5 |
51.5 |
Threat Prevention (Gbps)
2 |
15 |
24 |
30 |
30 |
VPN Throughput (Gbps) |
20 |
40.1 |
49 |
49 |
Additional Features |
CPUs/physical cores/virtual cores |
2/24/48 |
2/36/72 |
2/36/72 |
2/36/72 |
SSD Size |
2x 960GB |
2x 960GB |
2x 960GB |
2x 960GB |
Physical |
Enclosure |
2U |
3U |
3U |
3U |
Network |
1 GbE Copper |
✓ |
✓ |
✓ |
✓ |
10 GbE |
✓ |
✓ |
✓ |
|
Accelerated 100GbE |
✓ |
✓ |
✓ |
✓ |
Accessories |
Memory |
128 GB |
192 GB |
192 GB |
192 GB |
Redundant Storage |
✓ |
✓ |
✓ |
✓ |
Redundant Power |
✓ |
✓ |
✓ |
✓ |
LOM |
✓ |
✓ |
✓ |
✓ |
Virtual Systems |
Maximums |
250 |
250 |
250 |
250 |
1. Includes Firewall, Application Control, IPS. 2. Includes Firewall, Application Control, URL Filtering, IPS, Antivirus, Anti-Bot, SandBlast.