Firewall 1 Datasheet

8/4/2019 Firewall 1 Datasheet

http://slidepdf.com/reader/full/firewall-1-datasheet 1/4

FIREWALL-1Secure Virtual Network Architecture

The Challenge:Internet technology is driving a genuine businessrevolution in which companies are redefining the

way they communicate with customers, sel l

products, and form business relat ionships.

As companies embrace the Internet to forge

new business models, Internet security has never

been more important. To maintain the trust of

partners and customers, organizations need to

provide access to critical applications, data, and

other resources, while at the same time securing all

element s of their ent erprise network—networks,

systems, applicat ions, an d users—across th e

Internet, intranets, and extranets.

The Solution:Check Point Software Technologies Ltd. meets this

challenge with FireWall-1®, the indust ry’s leading

Internet security solution. FireWall-1 is a complete

enterprise security suite that integrates access

control, authentication, network address translation,

content security, auditing, and more. It enables

organizations to define and enforce a single,

comprehensive securi ty policy that protects

all network resources enterprise-wide. Its innovative

three-tier architecture, patented Stateful Inspection

technology, and the Open Platform for Security

(OPSEC™) deliver a h ighly scalab le solu tion tha t

is able to integrate and centrally manage all

aspects of Internet security. FireWall-1 offers

superior protection with the widest choice of

configurations and deployment platforms to meet

your organization’s specific needs.

DATASHEET

FireWall-1 can be easily deployed throughout an organization

for true enterprise security.

Product Features

• Delivers strong access control, authentica-

tion, content security, and more

• Integrates management of securi ty, VPNs,

NAT, QoS, and personal firewalls

• Enables cent rali zed management and

automatic deployment of securit y policy

• Support s open platforms and integrated

security appliances

• Incorporates Check Point ’s SecureXL™

performance technology

Product Benefits• Ensures maximum securi ty for eBusiness

environments

• Simplifies security management

• Enforces a comprehensive securi ty policy

consistently enterprise-wide

• Enhances flexibilit y to deploy most appro-

priate hardware platform

• Enables multi-gigabit firewall performance

Internet

FireWall-1Gateway

FireWall-1SecureServer



Security Enforcement PointsAccess Control

FireWall-1 is based upon Stateful Inspection, the de

facto standard for Internet security, invented and

patented by Check Point Software to provide appli-

cation-layer awareness without the need for

proxies. It supports more than 150 pre-defined

applications, services, and protocols out of the box,

including commonly used applications such as

HTTP, SMTP, FTP, and telnet. In addition, FireWall-1

supports important business applications such as

Oracle SQL, multimedia applications such as

RealVideo and Windows Media; and H.323-based

services like Voice over IP and NetMeeting.

Authentication

Before granting access to sensit ive network

services, organizations must validate user authen-

ticity. Check Point Software’s open architecture

allows numerous authentication solutions to

be integrated into an enterprise-wide security

policy, including FireWall-1 passwords, smart cards,token-based products like SecurID, LDAP-stored

passwords, RADIUS or TACACS+ authentication

servers, and X.509 digital certificates.

Network Address Translation™

FireWall-1 conceals internal network addresses

from th e Internet —avoiding t heir disclosure as

public information —through robust, easy- to-

manage Network Address Translation (NAT).

Integrated with Stateful Inspection technology,

Check Point’s NAT provides the industry’s most

secure implementation of address translation andsupports a broad range of Internet services.

FireWall-1 automatically generates both static and

dynamic translation rules based on the information

provided when a network administrator or manager

sets up objects such as hosts, networks, and

gateways. Network Address Translation enables

organizations to maintain unregistered IP address-

ing schemes and provides Internet access to all

users utilizing a single corporate IP address.

Content Security

Check Point FireWall-1 protects users from virus

attacks, malicious Java and ActiveX applets, and

undesirable Web content through its integrated

content security capabilities. Each HTTP, SMTP, or

FTP connection can be established through a

FireWall-1 security server, enabling the network

manager to control access to specific resources with

a high degree of granularity. For example, access

can be controlled to specific Web pages and actions,FTP files and operations (e.g. PUT/GET commands),

SMTP-specific header fields, and more.

Third Party Application Support

Through its support for the OPSEC framework,

Check Point FireWall-1 can leverage several open

APIs to interface with third-party content security

applications. This enables security managers to

extend the security of their FireWall-1 installation

to provide advanced functionality, such as anti-

virus screening, URL filtering, and Java security.

Malicious Activity DetectionFireWall-1 can detect malicious activity at the

Internet gateway and alert the security manager of

attempted violations of the network security policy.

Malicious Activity Detection analyzes FireWall-1

log records to detect well-known network attacks

and indications of suspicious activity.

Enterprise M anagementM anagement Console

Check Point’s intuitive Management Console

provides a single graphical user interface for defining

and managing multiple elements of a Secure Virtual

Network: firewall security, VPNs, network address

translation, Quality of Service, and VPN client

security. All object definitions (users, hosts, networks,

services, etc.) are shared among all applications for

efficient policy creation and security management.

Administrators can also centrally manage software

distribu tion for FireWall-1 with Secur eUpdate™,

reducing the need for IT personnel at branch offices.

This optional module tracks product version infor-

mation and automates the installation of major

updates and service packs to enforcement points andthird-party OPSEC products, enabling administrators

to more easily control their security environment.



Three- Tier Architecture

FireWall-1 is designed to deliver scalable security

management for organizations of all sizes, from

small offices to globally dispersed enterprise

networks. With a unique three-tier architecture, a

single enterprise-wide security policy can be

centrally managed and automatically deployed to

an unlimited number of FireWall-1 enforcement

points. Automatic policy distribution eliminates the

possibility of misconfiguration when managing

multiple firewalls.

Visual Policy Editor

Part of FireWall-1’s Management Console, the

optional Visual Policy Editor provides managers

with a detailed graphical map of the objects in their

security deployment (e.g., firewalls, VPNs, servers,

networks, etc.). Security administrators can highlight

the location of objects, edit objects, and illustrate

security policy rules. By using the Visual Policy

Editor to validate security rules, administrators

gain greater control and improved security while

simplifying management.

Logging and Reporting

FireWall-1’s graphical Log Viewer provides real-t ime

visual tracking, monitoring, and accounting infor-

mation for all connections logged by FireWall-1

enforcement points. Additionally, it logs adminis-

trator actions such as changes to object definitions

or rules, which can dramatically reduce the time

needed to troubleshoot configuration errors.

Administrators can perform searches or filter log

records to quickly locate and track events of

interest. In the case of an attack or otherwise suspi-cious network activity, administrators can use the

Log Viewer to temporarily or permanently

terminate connections from specific IP addresses.

The optional Reporting Module enables administra-

tors to transform detailed FireWall-1 logs into

actionable management reports, presenting infor-

mation in simple, intuitive tables and graphs.

Predefined and custom report templates can be

applied to generate reports.

Three separate management tiers—user int erface, policy

management server and enforcement point s—combine to

provide unparalleled scalability and manageability.

All objects—network, users, and more—are

managed in the objects tree

Security, VPN, NAT, QoS, and Desktop Security

are all managed in the rule base

The most commonly used objects are easily

available in the objects list

The Visual Policy Editor provides a detailed,

graphic map of the securit y deployment

reWall- 1 M anagement Console

reWall-1 simplifies securit y by providing centralized management with al l

ecessary information readily accessible.

ManagementConsole

ManagementServer

EnforcementPoints

FireWall-1

V P N- 1SecureServer

V P N- 1



P/N 500453

©2001 Check Point Software Technologies Ltd. All rights reserved. Check Point, the Check Point logo, FireWall-1, FireWall-1 SecureServer,

FireWall-1 SmallOffice, FloodGate-1, INSPECT, IQ Engine, Meta IP, Open Security Extension, OPSEC, Provider-1, SecureCluster,

SecureKnowledge, SecureUpdate, SecureXL, SiteManager-1, SVN, User-to-Address Mapping, UserAuthority, Visual Policy Editor, VPN-1,VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 SmallOffice, and

ConnectControl are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names

mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected

by U.S. Patent No. 5,606,668 and 5,835,726 and ma y be protected by other U.S. Patents, foreign pa tents, or pendin g applications.

Secure Virtual Network Architecture

All Check Point Software products are built on our Secure Virtual Network (SVN) Architecture to provide secure

and seamless connectivity of users, networks, systems, and applications across Internet, intranet, and extranet

environments. Check Point Software's SVN solutions are available from industry-leading resellers and service

providers worldwide. For more information, please go to: www.checkpoint.com

Unparalleled Performanceand AvailabilitySecurity deployments today can require up to gigabit

firewall performance without compromising security.

Check Point delivers unparalleled performance with

SecureXL—a security performance architecture that

incorporates a number of innovate acceleration tech-

nologies. Included in this comprehensive architecture

is the SecureXL API, an open interface for offloading

intensive security operations to either hardware

accelerators or optimized software. A range of

SecureXL-enabled acceleration products is available

from Check Point and its partners that enable multi-

gigabit performance on both open servers and

integrated security appliances.

Sophisticated Load Sharing and Fail Over

SecureCluster™, a n option al SecureXL-ba sed

module, is an advanced high availability and load

sharing solution for all gateway traffic. Traffic of

all types is distributed across a cluster of firewall

gateways resulting in near linear performance gainsas addit ional cluster members are added. In

addition, state-table information between all tables

is continuously synchronized. In the event that a

single gateway becomes unreachable, all new and

ongoing connections are redirected to remaining

cluster members. No connections of any kind are

dropped during a fail-over.

The Foundation for Secure VPNsFireWall-1 provides the underlying platform for

Check Point’s industry-leading Virtual Private

Network solutions—VPN-1®. Integra ting network security and VPN capability eliminates the need

to open multiple ports, or “holes,” in the firewall

to blindly pass VPN traffic as is necessary

with many standalone VPN devices. Instead, all

controls defined in the FireWall-1 security policy

are applied to VPN traffic—guarant eeing complete

integrity of network security.

Window s 2000 (SP0 and SP1)Windows NT4.0 (SP4 through SP6a)Windows XP Server Sun Solaris 7 (32-bit mode only)Sun Solaris 8 (32- or 64- bit mode)Red Hat Linux 6.2, 7.0

40 MB

128 MB

ATM

Ethernet Fast Ethernet FDDI Gigabit Ethernet Token Ring

Windows 2000, 98, ME, NT, XP Sun Solar is SPARC

40 MB

128 MB

Specifications

Management Server and

Enforcement Module

FireWall- 1 is available wit h open platf orm support on Windows,Linux, Solaris, and other operating systems; or as an integrated appliance from leading hardware vendors. Corporati ons can deploy FireWall-1 solutions on either external and internal network gateways, or FireWall- 1 SecureServer™t o prot ect a

single critical application server.

Management Console

Operating Systems

Disk Space

Memory

Network Interface

Disk Space

Memory

Any FireWall-1 installation can be easily upgraded

to VPN-1. VPN-1 solutions can also be purchased as

a fully integrated solution incorporating FireWall-1.

System Requirement s

FireWall-1 software can run on a variety of

platfor ms—both secur ity applian ces and open

servers running Linux, Unix and Windows—to meet

the needs of any deployment.

Operating Systems

Firewall 1 Datasheet

Documents

Transcript of Firewall 1 Datasheet