Firewall 1 Datasheet
-
Upload
sunilppipal -
Category
Documents
-
view
222 -
download
0
Transcript of Firewall 1 Datasheet
8/4/2019 Firewall 1 Datasheet
http://slidepdf.com/reader/full/firewall-1-datasheet 1/4
FIREWALL-1Secure Virtual Network Architecture
The Challenge:Internet technology is driving a genuine businessrevolution in which companies are redefining the
way they communicate with customers, sel l
products, and form business relat ionships.
As companies embrace the Internet to forge
new business models, Internet security has never
been more important. To maintain the trust of
partners and customers, organizations need to
provide access to critical applications, data, and
other resources, while at the same time securing all
element s of their ent erprise network—networks,
systems, applicat ions, an d users—across th e
Internet, intranets, and extranets.
The Solution:Check Point Software Technologies Ltd. meets this
challenge with FireWall-1®, the indust ry’s leading
Internet security solution. FireWall-1 is a complete
enterprise security suite that integrates access
control, authentication, network address translation,
content security, auditing, and more. It enables
organizations to define and enforce a single,
comprehensive securi ty policy that protects
all network resources enterprise-wide. Its innovative
three-tier architecture, patented Stateful Inspection
technology, and the Open Platform for Security
(OPSEC™) deliver a h ighly scalab le solu tion tha t
is able to integrate and centrally manage all
aspects of Internet security. FireWall-1 offers
superior protection with the widest choice of
configurations and deployment platforms to meet
your organization’s specific needs.
DATASHEET
FireWall-1 can be easily deployed throughout an organization
for true enterprise security.
Product Features
• Delivers strong access control, authentica-
tion, content security, and more
• Integrates management of securi ty, VPNs,
NAT, QoS, and personal firewalls
• Enables cent rali zed management and
automatic deployment of securit y policy
• Support s open platforms and integrated
security appliances
• Incorporates Check Point ’s SecureXL™
performance technology
Product Benefits• Ensures maximum securi ty for eBusiness
environments
• Simplifies security management
• Enforces a comprehensive securi ty policy
consistently enterprise-wide
• Enhances flexibilit y to deploy most appro-
priate hardware platform
• Enables multi-gigabit firewall performance
Internet
FireWall-1Gateway
FireWall-1SecureServer
8/4/2019 Firewall 1 Datasheet
http://slidepdf.com/reader/full/firewall-1-datasheet 2/4
Security Enforcement PointsAccess Control
FireWall-1 is based upon Stateful Inspection, the de
facto standard for Internet security, invented and
patented by Check Point Software to provide appli-
cation-layer awareness without the need for
proxies. It supports more than 150 pre-defined
applications, services, and protocols out of the box,
including commonly used applications such as
HTTP, SMTP, FTP, and telnet. In addition, FireWall-1
supports important business applications such as
Oracle SQL, multimedia applications such as
RealVideo and Windows Media; and H.323-based
services like Voice over IP and NetMeeting.
Authentication
Before granting access to sensit ive network
services, organizations must validate user authen-
ticity. Check Point Software’s open architecture
allows numerous authentication solutions to
be integrated into an enterprise-wide security
policy, including FireWall-1 passwords, smart cards,token-based products like SecurID, LDAP-stored
passwords, RADIUS or TACACS+ authentication
servers, and X.509 digital certificates.
Network Address Translation™
FireWall-1 conceals internal network addresses
from th e Internet —avoiding t heir disclosure as
public information —through robust, easy- to-
manage Network Address Translation (NAT).
Integrated with Stateful Inspection technology,
Check Point’s NAT provides the industry’s most
secure implementation of address translation andsupports a broad range of Internet services.
FireWall-1 automatically generates both static and
dynamic translation rules based on the information
provided when a network administrator or manager
sets up objects such as hosts, networks, and
gateways. Network Address Translation enables
organizations to maintain unregistered IP address-
ing schemes and provides Internet access to all
users utilizing a single corporate IP address.
Content Security
Check Point FireWall-1 protects users from virus
attacks, malicious Java and ActiveX applets, and
undesirable Web content through its integrated
content security capabilities. Each HTTP, SMTP, or
FTP connection can be established through a
FireWall-1 security server, enabling the network
manager to control access to specific resources with
a high degree of granularity. For example, access
can be controlled to specific Web pages and actions,FTP files and operations (e.g. PUT/GET commands),
SMTP-specific header fields, and more.
Third Party Application Support
Through its support for the OPSEC framework,
Check Point FireWall-1 can leverage several open
APIs to interface with third-party content security
applications. This enables security managers to
extend the security of their FireWall-1 installation
to provide advanced functionality, such as anti-
virus screening, URL filtering, and Java security.
Malicious Activity DetectionFireWall-1 can detect malicious activity at the
Internet gateway and alert the security manager of
attempted violations of the network security policy.
Malicious Activity Detection analyzes FireWall-1
log records to detect well-known network attacks
and indications of suspicious activity.
Enterprise M anagementM anagement Console
Check Point’s intuitive Management Console
provides a single graphical user interface for defining
and managing multiple elements of a Secure Virtual
Network: firewall security, VPNs, network address
translation, Quality of Service, and VPN client
security. All object definitions (users, hosts, networks,
services, etc.) are shared among all applications for
efficient policy creation and security management.
Administrators can also centrally manage software
distribu tion for FireWall-1 with Secur eUpdate™,
reducing the need for IT personnel at branch offices.
This optional module tracks product version infor-
mation and automates the installation of major
updates and service packs to enforcement points andthird-party OPSEC products, enabling administrators
to more easily control their security environment.
8/4/2019 Firewall 1 Datasheet
http://slidepdf.com/reader/full/firewall-1-datasheet 3/4
Three- Tier Architecture
FireWall-1 is designed to deliver scalable security
management for organizations of all sizes, from
small offices to globally dispersed enterprise
networks. With a unique three-tier architecture, a
single enterprise-wide security policy can be
centrally managed and automatically deployed to
an unlimited number of FireWall-1 enforcement
points. Automatic policy distribution eliminates the
possibility of misconfiguration when managing
multiple firewalls.
Visual Policy Editor
Part of FireWall-1’s Management Console, the
optional Visual Policy Editor provides managers
with a detailed graphical map of the objects in their
security deployment (e.g., firewalls, VPNs, servers,
networks, etc.). Security administrators can highlight
the location of objects, edit objects, and illustrate
security policy rules. By using the Visual Policy
Editor to validate security rules, administrators
gain greater control and improved security while
simplifying management.
Logging and Reporting
FireWall-1’s graphical Log Viewer provides real-t ime
visual tracking, monitoring, and accounting infor-
mation for all connections logged by FireWall-1
enforcement points. Additionally, it logs adminis-
trator actions such as changes to object definitions
or rules, which can dramatically reduce the time
needed to troubleshoot configuration errors.
Administrators can perform searches or filter log
records to quickly locate and track events of
interest. In the case of an attack or otherwise suspi-cious network activity, administrators can use the
Log Viewer to temporarily or permanently
terminate connections from specific IP addresses.
The optional Reporting Module enables administra-
tors to transform detailed FireWall-1 logs into
actionable management reports, presenting infor-
mation in simple, intuitive tables and graphs.
Predefined and custom report templates can be
applied to generate reports.
Three separate management tiers—user int erface, policy
management server and enforcement point s—combine to
provide unparalleled scalability and manageability.
All objects—network, users, and more—are
managed in the objects tree
Security, VPN, NAT, QoS, and Desktop Security
are all managed in the rule base
The most commonly used objects are easily
available in the objects list
The Visual Policy Editor provides a detailed,
graphic map of the securit y deployment
reWall- 1 M anagement Console
reWall-1 simplifies securit y by providing centralized management with al l
ecessary information readily accessible.
ManagementConsole
ManagementServer
EnforcementPoints
FireWall-1
V P N- 1SecureServer
V P N- 1
8/4/2019 Firewall 1 Datasheet
http://slidepdf.com/reader/full/firewall-1-datasheet 4/4
P/N 500453
©2001 Check Point Software Technologies Ltd. All rights reserved. Check Point, the Check Point logo, FireWall-1, FireWall-1 SecureServer,
FireWall-1 SmallOffice, FloodGate-1, INSPECT, IQ Engine, Meta IP, Open Security Extension, OPSEC, Provider-1, SecureCluster,
SecureKnowledge, SecureUpdate, SecureXL, SiteManager-1, SVN, User-to-Address Mapping, UserAuthority, Visual Policy Editor, VPN-1,VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 SmallOffice, and
ConnectControl are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names
mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected
by U.S. Patent No. 5,606,668 and 5,835,726 and ma y be protected by other U.S. Patents, foreign pa tents, or pendin g applications.
Secure Virtual Network Architecture
All Check Point Software products are built on our Secure Virtual Network (SVN) Architecture to provide secure
and seamless connectivity of users, networks, systems, and applications across Internet, intranet, and extranet
environments. Check Point Software's SVN solutions are available from industry-leading resellers and service
providers worldwide. For more information, please go to: www.checkpoint.com
Unparalleled Performanceand AvailabilitySecurity deployments today can require up to gigabit
firewall performance without compromising security.
Check Point delivers unparalleled performance with
SecureXL—a security performance architecture that
incorporates a number of innovate acceleration tech-
nologies. Included in this comprehensive architecture
is the SecureXL API, an open interface for offloading
intensive security operations to either hardware
accelerators or optimized software. A range of
SecureXL-enabled acceleration products is available
from Check Point and its partners that enable multi-
gigabit performance on both open servers and
integrated security appliances.
Sophisticated Load Sharing and Fail Over
SecureCluster™, a n option al SecureXL-ba sed
module, is an advanced high availability and load
sharing solution for all gateway traffic. Traffic of
all types is distributed across a cluster of firewall
gateways resulting in near linear performance gainsas addit ional cluster members are added. In
addition, state-table information between all tables
is continuously synchronized. In the event that a
single gateway becomes unreachable, all new and
ongoing connections are redirected to remaining
cluster members. No connections of any kind are
dropped during a fail-over.
The Foundation for Secure VPNsFireWall-1 provides the underlying platform for
Check Point’s industry-leading Virtual Private
Network solutions—VPN-1®. Integra ting network security and VPN capability eliminates the need
to open multiple ports, or “holes,” in the firewall
to blindly pass VPN traffic as is necessary
with many standalone VPN devices. Instead, all
controls defined in the FireWall-1 security policy
are applied to VPN traffic—guarant eeing complete
integrity of network security.
Window s 2000 (SP0 and SP1)Windows NT4.0 (SP4 through SP6a)Windows XP Server Sun Solaris 7 (32-bit mode only)Sun Solaris 8 (32- or 64- bit mode)Red Hat Linux 6.2, 7.0
40 MB
128 MB
ATM
Ethernet Fast Ethernet FDDI Gigabit Ethernet Token Ring
Windows 2000, 98, ME, NT, XP Sun Solar is SPARC
40 MB
128 MB
Specifications
Management Server and
Enforcement Module
FireWall- 1 is available wit h open platf orm support on Windows,Linux, Solaris, and other operating systems; or as an integrated appliance from leading hardware vendors. Corporati ons can deploy FireWall-1 solutions on either external and internal network gateways, or FireWall- 1 SecureServer™t o prot ect a
single critical application server.
Management Console
Operating Systems
Disk Space
Memory
Network Interface
Disk Space
Memory
Any FireWall-1 installation can be easily upgraded
to VPN-1. VPN-1 solutions can also be purchased as
a fully integrated solution incorporating FireWall-1.
System Requirement s
FireWall-1 software can run on a variety of
platfor ms—both secur ity applian ces and open
servers running Linux, Unix and Windows—to meet
the needs of any deployment.
Operating Systems