CHECK POINT FIREWALL-1 VERSION 4.0 ESTABLISHES NEW BENCHMARK FOR EASY DEPLOYMENT OF VIRTUAL PRIVATE NETWORKS

NETWORLD+INTEROP, Las Vegas, Nev., - May 4, 1998 (Booth #4987) - Check Point Software Technologies Ltd. (Nasdaq: CHKPF), the worldwide leader in policy-based management for active networks, today announced industry-leading functionality and flexibility in Check Point FireWall-1 4.0, the new version of its flagship enterprise security suite, and SecuRemote 4.0, its client-side secure remote access software. The two new versions, now in beta, provide a comprehensive set of security, network performance and policy management capabilities, taking a standards-based approach that enables organizations to easily deploy intranet, remote-access and extranet Virtual Private Networks (VPNs).

Key enhancements in FireWall-1 version 4.0 in the security area include support for Entrust Technologies' digital certificate solutions based on Public Key Infrastructure (PKI) utilizing X.509 certificates, IKE (Internet Key Exchange, previously known as ISAKMP/Oakley) encryption for both FireWall-1 and SecuRemote, and standards-based strong user authentication. Network performance is boosted by Check Point's line of hardware-based VPN accelerators, while policy management is simplified with

FireWall-1 version 4.0's support for LDAP directory management and new Security Wizards that help users define comprehensive security policies.

Consistent with a strong commitment to open standards, the FireWall-1 suite is unified by Check Point's industry-wide Open Platform for Secure Enterprise Connectivity (OPSEC) framework of open and industry-standard APIs. OPSEC enables companies to create their own, custom policy-based enterprise security suites, with more than 140 choices in best-of-breed OPSEC Compliant and OPSEC Secured solutions.

"Today more than ever it is important to customers to have centrally managed, best-of-breed security products, including VPN technologies, integrated on a single platform," said Dr. Deborah Triant, president and CEO of Check Point Software Technologies, Inc. "With FireWall-1 4.0 and SecuRemote 4.0, companies can deliver standards-based VPNs as part of their overall security policy, providing intranet, remote access and extranet communications with guaranteed multi-vendor interoperability."

Enhanced Security: Digital Certificates, IKE Interoperability and User Authentication

Check Point FireWall-1 and SecuRemote version 4.0 support a Public Key Infrastructure (PKI) as part of an overall enterprise security implementation, which enables flexible, secure deployments of intranet, remote access and extranet VPNs. Check Point's open, scaleable PKI uses X.509 digital certificates and Certificate Authority (CA) technology from Entrust Technologies to simplify and automate critical VPN functions such as adding and deleting users, managing encryption keys and providing encryption key back-up and recovery.

"The CA-based public key infrastructure overcomes the biggest deficiency of current VPN implementations: secure key transfer mechanism and key life-cycle management," Dr. Triant adds. "With the support for Entrust now built into FireWall-1 and SecuRemote, VPNs can be extended to large numbers of users with minimal management overhead and without breaking the integrity of the security policy."

Check Point FireWall-1 version 4.0 maintains an open standards approach by incorporating fully-compliant IKE encryption technology into both FireWall-1 and SecuRemote version 4.0. IKE compatibility allows organizations to use "Entrust-Ready" FireWall-1 version 4.0 and SecuRemote version 4.0 to implement VPNs with remote users and remote offices to secure their business communications over an IP network. The IKE standard enables FireWall-1-based VPNs to automatically negotiate the strongest possible algorithms available between communicating parties. These include DES and Triple-DES for data encryption, as well as SHA-1 and MD5 for data integrity.

Proven IKE interoperability was an important selection criteria in the choice of Check Point's enterprise security suite by the Automotive Network eXchange™ (ANX) network, potentially the world's largest VPN. Endorsed by such companies as Chrysler, Ford and General Motors, the ANX network will fundamentally change the way the automotive industry conducts business.

FireWall-1 version 4.0 also includes extensive support for strong, two-factor user authentication schemes to ensure that only authorized users can access sensitive network resources. Additionally, FireWall-1 supports the industry-standard TACACS+ and RADIUS version 2 protocols allowing flexible integration with multiple third-party authentication solutions.

Improved Network Performance: Accelerated Hardware Encryption

Through a partnership with Chrysalis-ITS, Check Point is delivering hardware-based VPN acceleration products that enable organizations to deploy VPNs at Fast Ethernet speeds with no performance degradation. The first product from this partnership is a plug-and-play PCI card for Sun Solaris and Windows NT platforms providing both DES and Triple DES data encryption. To accommodate all sizes of VPN deployments, Check Point is offering 10 Mbps and 100 Mbps versions of the VPN accelerator, supporting Ethernet and Fast Ethernet throughput rates.

In addition to off-loading the FireWall-1 CPU from computationally-intensive data encryption, the VPN acceleration cards generate and store private encryption keys on the card itself, guaranteeing the privacy of all communications to and from the FireWall-1 gateway. Once generated, encryption keys are protected against hackers, viruses, and inadvertent deletion with secure key storage that is designed to meet the NIST FIPS 140-1 security standard.

Policy Management Extensions: LDAP User Management and Security Wizards

Check Point extends its lead in policy management with integrated support for LDAP-compliant directory servers, enabling organizations to manage an unlimited number of network users in a single, hierarchical directory. FireWall-1 version 4.0 includes an optional Java-based Account Management Client module to define and manage user-level security information residing on one or more LDAP servers. This information, such as user name, email address and password, is then available to any FireWall-1 module to enforce the enterprise security policy.

With LDAP support, security administrators no longer have to maintain separate user databases for each security application, thus reducing management overhead and improving network security. In addition, FireWall-1 version 4.0's ability to partition LDAP servers into separate domains, or account units, allows for decentralized user management, enhancing operational efficiency and overall information security.

Additional policy management enhancements to FireWall-1 version 4.0 include:

• Security Wizards: FireWall-1's award-winning graphical user interface has been enhanced in version 4.0 to include easy-to-use Security Wizards that facilitate the definition of comprehensive security policies. Security Wizards step users through the process of defining network objects and complete security policies, reducing the time and risk typically associated with security policy definition.

• Third-party Device Management: FireWall-1 version 4.0 incorporates Check Point's Open Security Manager to define, manage and distribute security policies for multiple third-party security devices such as Cisco PIX, Microsoft Steelhead Router, and routers from Bay Networks, Cisco and 3Com. FireWall-1 can also receive log data from these third-party devices to provide centralized logging and auditing of all network traffic. Centrally managing enterprise security policies mitigates security risks and eliminates the burden of individually configuring and managing each security device.

Pricing and Availability

FireWall-1 version 4.0, SecuRemote version 4.0, Check Point's LDAP Account Management module, and Check Point's VPN accelerator are all in beta, with general availability in Q3 1998. FireWall-1 version 4.0 pricing ranges from $2,995 for under 25 nodes to $18,990 for unlimited nodes, and is backward-compatible with FireWall-1 3.0. Check Point's LDAP Account Management module will be priced under $5,000. The VPN Accelerator will be priced under $3,000 for the 10 Mbps version and under $6,000 for the 100 Mbps version.

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. is a leader in policy-based management solutions for active networks. Through its patented Stateful Inspection technology, the company is uniquely positioned to deliver Secure Enterprise Connectivity solutions that protect information assets and enhance the performance of enterprise networks. Check Point offerings include the world's leading enterprise security suite, Check Point FireWall-1, and the industry's premier policy-based bandwidth management solution, Check Point FloodGate-1 . The company has U.S. headquarters in Redwood City, California and international headquarters in Ramat-Gan, Israel. For product information, please call (800) 429-4391 or (650) 628-2000 or visit our web site at http://www.checkpoint.com.

###

1998 Check Point Software Technologies Ltd. Check Point, the Check Point logo, Check Point FireWall-1, FireWall-1, SecuRemote, FireWall-First!, OPSEC, INSPECT, FloodGate-1 and IQ Engine are trademarks or registered trademarks of Check Point Software Technologies Ltd. All other product names mentioned herein are trademarks of their respective owners.