As the number of available IPv4 addresses dwindles, it’s becoming more and more important to ensure that your network is ready for IPv6. Today, Telco and service providers are migrating to IPv6 in order to add countless new mobile users to their network, and provide them with seamless access to IPv4/IPv6 services & content. Check Point’s integrated IPv6 solution has been specifically designed to seamlessly run on any Check Point appliance or Open Server.
BenefitsSoftware Blades Security with IPv6
- Secure IPv6 traffic with Firewall, Identity Awareness, IPS, Application Control, URL Filtering, Antivirus and Anti-Bot
- Allow security connectivity between IPv6 networks using the VPN Software Blade
- Secure IPv4 and IPv6 networks using the same Check Point security gateway
- Use devices with both IPv4 and IPv6 addresses with dual stack
- Allow transition between IPv4 and IPv6 networks with NAT and IP-tunneling
- Secure pure IPv6 only networks including all gateways’ IPs and management IPs
- IPv6 support for Virtual Systems
- Keep your policy simple by using the same rule base and objects for both IPv4 and IPv6
- Use Gaia OS to easily integrate with IPv6 services including: logging and alerting (syslog,SNMP), authentication (Radius, LDAP) and WebUI
- Extensive IPv6 networking including clustering (ClusterXL, VRRP) and dynamic routing (BGP, OSPF)
Supporting the latest Check Point Software Blade Architecture on every appliance or open server, with the same gateway used to inspect both IPv4 and IPv6 traffic*. Check Point’s integrated IPv6 solution supports the following Software Blades: Firewall, site to site VPN, Identity Awareness, Advanced Networking & Clustering, Intrusion Prevention (IPS), Application Control, URL Filtering, Antivirus and Anti-Bot.
* available on GAiA OS, R76 and later
Enable fast and simple transition between IPv4 and IPv6 networks using multiple transition mechanisms:
IPv4/IPv6 dual stack – enable organizations to support side by side IPv4 and IPv6 implementation with both protocols running on the gateway. This approach supports scenarios in which devices have both IPv4 and IPv6 address, as well as scenarios where customer networks include both IPv4 devices as well as IPv6 devices.
Tunneling – as not all networks support dual-stack, tunneling is used for IPv4 networks to talk to IPv6 networks (and vice versa). 6 in 4 tunnel, where IPv6 traffic is sent over an IPv4 channel, can be used to support scenarios such as an IPv6 communication between an Enterprise and its (IPv6) branch office, sent over an IPv4 web.
NAT – NAT 66 and NAT64 supporting network address translation between IPv6 and IPv4 networks. This enables supporting common scenarios such as a Service Provider supporting its IPv6 subscribers seamless access to other IPv4 subscribes and service.
Secure pure IPv6 only networks including all gateway IP addresses and management IP addresses.
- Logging and alerting with SNMP and syslog
- High Availability and clustering with VRRP and ClusterXL
- Dynamic Routing with BGP and OSPFv3
- Authentication with LDAP and RADIUS
- Interface configuration and first time configuration Wizard
The Check Point IPv6 solution, unlike other solutions, enables administrator to simply add IPv6 address to their existing IPv4 objects. Thus, the same rule base and policy can be used both for IPv4 and IPv6 and network administrators are not forced to maintain a 2nd set of IPv6 policies or objects.
Telco and service providers that use virtualization to provide a scalable, cost effective, customized security for multi-tenancy environments, with dedicated virtual gateways per each end customer, can now also operate in an IPv6 environment seamlessly inspecting IPv6 traffic and working with IPv6 addressees (for both virtual gateway and management).