שיחת ייעוץ חינם: 1-800-800-570

Check Point Firewall Software Blade
The industry's strongest level of gateway security and identity awareness

Check Point Firewall Software Blade

The Check Point Firewall Software Blade builds on the award-winning technology first offered in Check Point’s FireWall-1 solution to provide the industry’s strongest level of gateway security and identity awareness. Check Point’s firewalls are trusted by 100% of the Fortune 100 and deployed by over 170,000 customers, and have demonstrated industry leadership and continued innovation since the introduction of FireWall-1 in 1994.


Check Point Product
Check Point Security Gateway Blades
Firewall Blade
#CPSB-FW
Included
 
Check Point Security Gateway Blades for High Availability
Firewall Blade for High Availability
#CPSB-FW-HA
Included
 

Benefits:

Check Point invented the stateful packet inspection technology that is utilized by virtually all firewalls today. A long-time leader in Gartner’s Enterprise Network Firewalls Magic Quadrant, Check Point is recognized by the leading analyst firm for its strong technology leadership and vision, and has won multiple awards from other analyst firms over the years. The Check Point Firewall Software Blade incorporates all of the power and capability of the revolutionary FireWall-1 solution while adding user identity awareness to provide granular event awareness and policy enforcement.

Proven gateway security with industry-leading firewall performance

  • Protects over 170,000 customers and 100% of Fortune 100 
  • Includes patented stateful packet inspection
  • Up to 40 Gbps firewall throughput with real-world traffic mix (IMIX)

User and machine identity awareness balance security and business need

  • Enables granular policy definitions per user and group
  • Seamless integration with Active Directory
  • Ideal for protecting environments with social media and Internet applications

Integrated into Check Point Software Blade Architecture

  • Centralized management, logging and reporting via a single console
  • Automatic activation of Firewall Software Blade on security gateway systems

Features:

Access Control

The Firewall Software Blade enables network administrators to securely control access to clients, servers and applications. With detailed visibility into the users, groups, applications, machines and connection types, the Check Point Firewall Software Blade enables network administrators to provide superior protection across the entire security gateway.

User and Machine Awareness

User and machine awareness balances security with business needs by enabling granular policy definitions per user and group.

Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple application-based policy definition per user or group directly from the firewall.

Users’ identification may be acquired in one of three simple methods:

  • Querying the active directory
  • Through a caprive portal
  • Installing a one-time, thin client-side agent

Authentication

To ensure the security of your network, you need to be able to confirm the identity of all users attempting to access it. Authentication assigns access permissions to individuals and groups, based on their level of responsibility and role within the organization.

Based on the industry's most advanced identity awareness, the Firewall Software Blade provides robust authentication capabilities to confirm the identity of all users and establish their rights and privileges.

The authentication component of the Firewall Software Blade offers:
  • Multiple and complementary methods for gaining identity awareness
  • Integrated user and machine awareness functionality across the security gateway and management

Network Address Translation (NAT)

Whether computers have routable or non-routable addresses, administrators may want to conceal their real addresses, to ensure that addresses cannot be seen from outside the organization or from other parts of the same organization. A network's internal address contains the topology of the network and therefore hiding this information greatly enhances security.

Bridge Mode

A security gateway in bridge mode operates as a regular firewall, inspecting traffic and dropping or blocking unauthorized or unsafe traffic, and is invisible to all Layer-3 traffic. When authorized traffic arrives at the gateway, it is passed from one interface to another through a procedure known as bridging. Bridging creates a Layer-2 relationship between two or more interfaces, whereby any traffic that enters one interface always exits the other. This way, the firewall can inspect and forward traffic without interfering with the original IP routing.

Integrated into Check Point Software Blade Architecture

The Firewall Software Blade is integrated into the Software Blade Architecture and included in the Security Gateway container when you purchase a Security Gateway product.

Specifications:

Feature Details
Protocol/Application Support 500 plus protocol types
VoIP Protection SIP, H.323, MGCP and SIP with NAT support
Network Address Translation Static/hide NAT support with manual or automatic rules
DHCP Gateways Security gateways can have dynamic IP addresses
VLAN Up to 256 VLANs per interface
Link Aggregation 802.3ad passive and 802.3ad active
Bridge Mode / Transparent Mode Inspect traffic without interfering with the original IP routing
Extensive Set of Policy Objects Individual node, networks, groups, dynamic objects
IP Versions IPv4 and IPv6
Fail-Safe Protections Default filter provides protection during boot time and prior to initial policy
Secure Internet Communications (SIC) Certificate-based secure communications channel among all Check Point distributed components belonging to a single management domain
Authentication
Multiple Authentication Methods User authentication, client authentication, session authentication
Local Users Local database user store included
RADIUS and RADIUS Groups Multiple servers and MS-CHAPv2, MS-PAP methods
LDAP and LDAP Groups Microsoft Active Directory, Novell Directory Server, Red Hat Directory Server, OPSEC certified LDAP server
TACACS+ Supported
RSA SecurID Supported
X.509 Certificates Supported using the included Certificate Authority or third party CAs
Customizable Authentication Messages Supported
Check Point Product
Check Point Security Gateway Blades
Firewall Blade
#CPSB-FW
Included
 
Check Point Security Gateway Blades for High Availability
Firewall Blade for High Availability
#CPSB-FW-HA
Included