Policy-Based Quality of Service Management
FloodGate-1 precisely controls the flow of inbound and outbound data packets
at WAN and Internet access points based upon a bandwidth management policy.
A policy consists of traffic rules, which assign bandwidth privileges to
specific classes of packets. Each traffic rule defines the two fundamental
requirements for bandwidth management: packet classification and bandwidth
control.
Classification
The first step is to identify important traffic. Leveraging Check Point's patented
Stateful Inspection technology, FloodGate-1 classifies traffic according to:
- Internet service
- Application
- Source
- Destination
- Groups of users
- Groups of Internet services
- Specific URL designators
- Traffic direction
- Time of day
More than 100 Internet services and applications are
supported. In addition, when integrated with VPN-1, FloodGate-1 is able to securely
classify encrypted traffic, both in aggregate and within the VPN tunnel. Dedicated
bandwidth management devices cannot securely and efficiently manage encrypted traffic.
QoS Control Mechanisms
Once a packet has been classified, bandwidth control criteria are applied to each class.
Control criteria are used to assign privilege to important traffic or limit less important
traffic. Primary control criteria include weighted priorities, guarantees, and limits.
Each criterion can be applied alone or in concert.
Weighted priorities allocate
bandwidth according to relative merit as defined by business goals. For example, secure
electronic commerce transactions (HTTPS) may be deemed twice as important as regular
catalog browsing (HTTP). When congestion occurs, FloodGate-1 ensures that the data ratio
of secure transactions to catalog browsing is maintained at 2:1.
FloodGate-1's weighted priorities are unique for two
reasons. First, any integer number can be used to define a priority level so that an
unlimited number of priorities can be defined. Second, by allocating bandwidth according
to weights, FloodGate-1 ensures that no class of traffic is completely starved.
Guarantees allocate minimum
bandwidth levels to traffic flows that require certain service levels at all times. For
example, streaming applications, such as video conferencing, require a minimum amount of
bandwidth in order to function properly. Generally, guarantees are set for a group of
connections in aggregate, but they can also be set on a per-connection basis.
FloodGate-1's guarantee implementation, unlike basic bandwidth reservations or partitions,
allows unused bandwidth to be lent to other traffic classes.
Limits set bandwidth
restrictions for non-critical network applications. A typical implementation would limit
allocation to bandwidth-intensive "push" technologies.
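
The following sketch shows how weighted priorities, guarantees and limits can be combined in one allocation pass. It is an added example, not FloodGate-1's implementation; the allocate function, the class names and the kbps figures are assumptions constructed for illustration.

```python
def allocate(capacity, classes):
    """Split link capacity among traffic classes; returns {name: rate}.

    classes maps name -> dict with 'weight' and 'demand', plus optional
    'guarantee' (minimum rate) and 'limit' (maximum rate). Same unit throughout.
    """
    # A class never receives more than it offers, nor more than its limit.
    cap = {n: min(c["demand"], c.get("limit", c["demand"])) for n, c in classes.items()}
    # Step 1: honour guarantees, but only up to what the class actually uses,
    # so the unused part of a guarantee stays in the pool for other classes.
    alloc = {n: min(cap[n], c.get("guarantee", 0)) for n, c in classes.items()}
    remaining = capacity - sum(alloc.values())
    if remaining < 0:
        raise ValueError("guarantees exceed link capacity")
    # Step 2: share the rest by weight (progressive filling).
    active = {n for n in classes if alloc[n] < cap[n]}
    while active and remaining > 1e-9:
        total_w = sum(classes[n]["weight"] for n in active)
        share = {n: remaining * classes[n]["weight"] / total_w for n in active}
        full = {n for n in active if alloc[n] + share[n] >= cap[n]}
        if not full:
            for n in active:
                alloc[n] += share[n]
            break
        for n in full:  # cap these classes, then re-share what they left over
            remaining -= cap[n] - alloc[n]
            alloc[n] = cap[n]
        active -= full
    return alloc

# Constructed sample policy (kbps) on a constructed 1500 kbps link.
POLICY = {
    "https": {"weight": 2, "demand": 2000},
    "http":  {"weight": 1, "demand": 2000},
    "video": {"weight": 1, "demand": 200, "guarantee": 384},
    "push":  {"weight": 1, "demand": 1000, "limit": 100},
}

if __name__ == "__main__":
    for name, rate in allocate(1500, POLICY).items():
        print(f"{name:6s} {rate:7.1f} kbps")
```

In the sample policy the video class uses only 200 of its 384 kbps guarantee, so the unused part is shared between HTTPS and HTTP, which keep their 2:1 ratio while the push class is held at its limit.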