This document provides test results for the Check Point 15600 Next Generation Threat Prevention (NGTP) Appliance R80.20 OS build 2 (IPS signature: package 635184905).

During the NSS Labs 2018 Next Generation Firewall (NGFW) Group Test, the Check Point 15600 Next Generation Threat Prevention (NGTP) Appliance R80.20 failed to detect five evasions and did not pass all of the stability and reliability tests. This affected its placement in NSS’ 2018 NGFW Security Value Map (SVM)™.

After working closely with NSS, Check Point updated its software and released Check Point 15600 Next Generation Threat Prevention (NGTP) Appliance R80.20 OS build 2 (IPS signature: package 635184905). The updated device was subjected to testing under the same NGFW Test Methodology v8.0 and appropriately handled 190 out of the 190 evasions it was tested against. Furthermore, the device passed all stability and reliability tests, improving its exploit block rate by 0.45% and improving performance by 635 Mbps.

NSS research indicates that NGFWs are typically deployed to protect users rather than data center assets, and that the majority of enterprises will not separately tune intrusion prevention system (IPS) modules within their NGFWs. Therefore, during NSS testing, NGFW products are configured with the vendor’s pre-defined or recommended (i.e., “out-of-the-box”) settings in order to provide readers with relevant security effectiveness and performance dimensions based on their expected usage.