Home   |   Contact   |   Deutsch    deutsch_flag
spacer
spacer
Call: +44 (0) 1483 227600 
Email: info@wickhill.com

spacer
spacer
spacer
company
products
services
support
knowledgelibrary
partners
training
spacer
arrow
   Home > Products > Checkpoint
spacer

Products
Vendors
Technology Search
Network Diagram
Promotions
Check Point
Check Point
Network Security
Check Point Security Appliances
Network Firewall and VPN Products
Unified Threat Management
Intrusion Detection & Prevention
Check Point IP Appliances
Data Security/Endpoint Security
Check Point Abra
Secure Access
Check Point Full Disk Encryption
Check Point Media Encryption
Pointsec Mobile
Total Security
Security Management
Security Policy Management
Security Information & Event Management
Software Blades
Security Management Systems
Security Management Software Blades
Network Policy Management
Endpoint Policy Management
Logging & Status
Monitoring
Management Portal
User Directory
IPS Event Analysis
Provisioning
Reporting
Event Correlation
Security Gateway Software Blades
Firewall
JPSec VPN
IPS
Web Security
URL Filtering
Antivirus & Anti-Malware
Anti-Spam & Email Security
Advanced Networking
Acceleration & Clustering
Voice over IP

callback_request
spacer
 spacer

Web Security Software Blade
Web Security Software Blade

Overview

Check Point's VPN Software Blade is an integrated software solution that provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. The blade integrates access control, authentication and encryption to guarantee the security of network connections over the public Internet.

Key Benefits

  • Simple, centralized management of remote access and site-to-site VPNs
  • Enhanced IPsec VPN security
  • Multiple remote access VPN connectivity modes to support road warriors from all locations and networks

Features

Simplified Site-to-Site VPN
The IPsec Software Blade provides a unified method to create and manage complex VPNs. The SmartDashboard enables administrators to define participating gateways—including third-party gateways—in large-scale VPNs. VPN gateways can be configured for both star and mesh topologies in minutes with an integrated certificate authority to manage keys.

Multiple VPN Creation Methods
Route-based VPNs—administrators define what traffic should be encrypted by VPN rules, enabling the creation of complex large-scale site-to-site VPNs in dynamic environments. Route-based VPNs also support the extension of dynamic routing and multicast communities across VPNs.

Domain-based VPNs—administrators define which resources behind the gateway should have encrypted VPN traffic.

Enhanced IPsec VPN Security
A key element in Check Point’s philosophy is that VPN connectivity must be matched with a high level of security. The IPsec Software Blade enables you to connect remote users, sites, and partners without worrying that your VPN will become a network backdoor. At your discretion, the IPsec blade can apply the entire security policy to encrypted traffic, a subset of traffic, or allow VPN traffic to enter uninspected.

In addition, the IPsec Software Blade provides strong security for the VPN against DoS attacks such as those directed against the Internet Key Exchange (IKE) mechanism. The IPsec blade implements a unique solution for IKE DoS, asking unknown gateways attempting to connect to solve a computationally intensive problem before allocating resources.

Flexible Remote Access Support
Every enterprise has unique requirements for remote access. The IPsec Software Blade provides flexibility to design a solution to meet your needs with a number of remote access VPN client choices.

  • Check Point Endpoint Security —Check Point Endpoint Security is the first single agent for total endpoint security that combines a remote access VPN with the highest-rated firewall, network access control (NAC), program control, antivirus, anti-spyware, and data security features.
  • SecuRemote—SecuRemote is a basic VPN client that offers IPsec connectivity for remote users.
  • SecureClient—SecureClient is an advanced VPN client that offers IPsec connectivity for remote users.
  • SecureClient Mobile —SecureClient Mobile delivers firewall protection and secure, uninterrupted remote access for wireless devices such as mobile phones.
  • L2TP for iPhone —Support for the iPhone’s built-in L2TP VPN client.

Multiple Remote Access VPN Connectivity Modes
The IPsec blade provides various modes to address a variety of connectivity and routing issues faced by remote users.

Office Mode addresses routing issues between the client and the gateway by encapsulating IP packets with the remote user’s original IP address, thereby enabling users to appear as if they were “in the office” while connecting remotely. Office Mode also provides enhanced anti-spoofing by ensuring that the IP address encountered by the gateway is authenticated and assigned to the user.

Visitor Mode enables employees to access resources while they are working at a remote location such as a hotel or a customer office, where Internet connectivity may be limited to Web browsing using the standard HTTP and HTTPS ports.

Hub Mode enables rigorous, centralized inspection of all client traffic, removing the need to deploy security functions to multiple offices, and giving employees secure client-to-client communications such as Voice over IP (VoIP) or Internet conferencing using applications like Microsoft NetMeeting.

Specifications

Feature Details
Authentication Methods Password, RADIUS, TACACS, X.509, SecurID
Certificate Authority Integrated X.509 certificate authority
VPN communities Automatically sets up site-to-site connections as objects are created
Topology Support Star and mesh
Route-based VPN Utilizes Virtual Tunnel Interfaces, numbered/unnumbered interfaces
VPN resiliency Multiple Entry Point (MEP), Wire Mode
VPN route injection Route Injection Mechanism (RIM)
Site-to-site VPN modes Domain Based, Route Based
Directional VPN Enforcement between or within community
IKE (Phase 1) Key Exchange AES-256, 3DES, DES, CAST
IKE (Phase 1) Data Integrity MD5, SHA1
IPsec (Phase 2) Data Encryption 3DES, AES-128, AES-256, DES, CAST, DES-40CP, CAST-40, NULL
IPsec (Phase 2) Data Integrity MD5, SHA1
IKE (Phase 1) & IPsec (Phase 2) Diffie-Hellman Groups Group 1 (768 bit), Group 2 (1024 bit), Group 5 (1536 bit), Group 14 (2048 bit)
IKE (Phase 1) Options Aggressive Mode
IPsec (Phase 2) Options Perfect Forward Secrecy, IP Compression
Mobile device support L2TP support for iPhone, SecureClient Mobile for Windows Mobile
Multiple IPsec VPN Clients Check Point Endpoint Security, SecureClient, SecuRemote

Support

Threats to networks are constantly evolving and becoming more sophisticated. To maintain continuity and productivity, defenses must advance as quickly to deliver the technology and features that protect the business. Check Point Services protect against emerging threats with critical hot software fixes, service packs, and major software upgrades.

Benefits

  • Ensure continuous security with access to critical hot fixes and service packs
  • Maximize ROI and investment with access to major upgrades and enhancements
  • Increase security with the latest applications, features, and technologies


 


request_further_info
arrow_top
 top

spacer

check_point_logo

Browse Products:


Check Point Product
A-Z finder

 

 
  © Copyright 2006 Wick Hill Ltd. All rights reserved. Errors and omission excluded.
  All deals, offers and specifications subject to availability and subject to change without notice		 Home  |  Contact
blog stats