Check Point SecureXL: An Overview

Check Point SecureXL is a performance-boosting technology designed to accelerate the processing of network traffic through Check Point firewalls. It enhances the performance of the Security Gateway by offloading CPU-intensive operations to dedicated network processors. This document provides an overview of SecureXL, its components, how it works, and its benefits.

Key Components of SecureXL

  1. SecureXL Acceleration: This is the core technology responsible for improving traffic throughput. It achieves this by bypassing the slower path of traditional packet inspection when possible.
  2. SecureXL Devices: These are specialized hardware components that assist in accelerating the traffic. They include Network Interface Cards (NICs) and Network Processing Units (NPUs).
  3. SecureXL Templates and Flows:
    • Templates: Created for specific types of connections, allowing new connections that match these templates to be processed faster.
    • Flows: Handle ongoing connections, ensuring that packets belonging to an established session are processed efficiently.

How SecureXL Works

SecureXL operates by differentiating between packets that require full inspection and those that do not. The packets are categorized and processed based on predefined rules and the state of the connection.

  1. Initial Packet Inspection: The first packet of a new connection undergoes full inspection by the Security Gateway. This inspection involves checking security policies, performing deep packet inspection (DPI), and other security checks.
  2. Template Creation: After the initial packet is inspected and allowed, SecureXL creates a template for the connection. This template contains information about the source, destination, protocol, and other relevant data.
  3. Fast Path Processing: Subsequent packets that match the template are processed using the fast path. These packets bypass the full inspection and are handled directly by the SecureXL device, significantly reducing latency and improving throughput.
  4. Flow Management: SecureXL manages flows for established connections, ensuring that packets belonging to these connections are processed quickly. It maintains state information to efficiently route and process these packets.
  5. Offloading to Hardware: For connections and packet types that can be accelerated, SecureXL offloads the processing to specialized hardware components. This reduces the load on the main CPU and allows the firewall to handle more traffic with lower latency.

Integration with OneFirewall and WCF Agent

OneFirewall leverages Check Point SecureXL to handle the immense task of pushing and constantly updating thousands, and in some cases, millions of rules to prevent malicious traffic. This integration provides the advantage of using Check Point’s advanced technology to perform real-time updates on traffic.

OneFirewall employs a module named WCF Agent, which incorporates a series of sub-modules. One of these sub-modules is specifically tailored for SecureXL, enhancing its capabilities to handle dynamic rule updates efficiently. The WCF Agent works in tandem with SecureXL to ensure that the Security Gateway can apply new security policies and rules without significant delays, maintaining optimal performance even under high loads.

Benefits of Using SecureXL with OneFirewall

  1. Real-Time Rule Updates: The combination of SecureXL and OneFirewall’s WCF Agent allows for real-time updates of security rules, ensuring that the firewall can respond quickly to new threats.
  2. Scalable Performance: By efficiently handling millions of rules and leveraging SecureXL’s acceleration capabilities, OneFirewall can scale to meet the needs of large and dynamic network environments.
  3. Enhanced Throughput and Latency: SecureXL’s fast path processing and hardware offloading are further optimized by the WCF Agent, providing even greater throughput and reduced latency.
  4. Continuous Protection: The ability to constantly update security rules ensures that the network is continuously protected against emerging threats without compromising performance.

SecureXL Monitoring and Configuration

SecureXL provides various tools and commands for monitoring and configuring its operation. Administrators can use the Check Point CLI to view statistics, performance metrics, and adjust settings.

  • Monitoring: Commands like fwaccel stat provide insights into SecureXL status and performance.
  • Configuration: SecureXL settings can be adjusted to fine-tune performance, such as enabling or disabling specific acceleration features.