The Check Point Firewall Software Blade builds on the award-winning technology first offered in Check Point’s FireWall-1 solution to provide the industry’s strongest level of gateway security and identity awareness. Check Point’s firewalls are trusted by 100% of the Fortune 100 and deployed by over 100,000 customers, and have demonstrated industry leadership and continued innovation since the introduction of FireWall-1 in 1994.

Benefits

Proven gateway security with industry-leading firewall performance
  • Protects over 100,000 customers and 100% of Fortune 100
  • Includes patented stateful packet inspection
  • Up to 120 Gbps firewall throughput with real-world traffic mix (SecurityPower benchmark)
User and machine identity awareness balance security and business need
  • Enables granular policy definitions per user and group
  • Seamless integration with Active Directory
  • Ideal for protecting environments with social media and Internet applications
Integrated into Check Point Software Blade Architecture
  • Centralized management, logging and reporting via a single console
  • Automatic activation of Firewall Software Blade on security gateway systems

Features

The Firewall Software Blade enables network administrators to securely control access to clients, servers and applications. With detailed visibility into the users, groups, applications, machines and connection types, the Check Point Firewall Software Blade enables network administrators to provide superior protection across the entire security gateway.

User and machine awareness balances security with business needs by enabling granular policy definitions per user and group.

Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple application-based policy definition per user or group directly from the firewall.

User identity may be acquired by one of three simple methods:

  • Querying Active Directory
  • Through a captive portal
  • Installing a one-time, thin client-side agent

To ensure the security of your network, you need to be able to confirm the identity of all users attempting to access it. Authentication assigns access permissions to individuals and groups, based on their level of responsibility and role within the organization.

Based on the industry’s most advanced identity awareness, the Firewall Software Blade provides robust authentication capabilities to confirm the identity of all users and establish their rights and privileges.

The authentication component of the Firewall Software Blade offers:

  • Multiple and complementary methods for gaining identity awareness
  • Integrated user and machine awareness functionality across the security gateway and management

Whether computers have routable or non-routable addresses, administrators may want to conceal their real addresses so that they cannot be seen from outside the organization or from other parts of the same organization. A network’s internal addresses reveal the topology of the network, so hiding this information greatly enhances security.

A security gateway in bridge mode operates as a regular firewall, inspecting traffic and dropping or blocking unauthorized or unsafe traffic, and is invisible to all Layer-3 traffic. When authorized traffic arrives at the gateway, it is passed from one interface to another through a procedure known as bridging. Bridging creates a Layer-2 relationship between two or more interfaces, whereby any traffic that enters one interface always exits the other. This way, the firewall can inspect and forward traffic without interfering with the original IP routing.

The Firewall Software Blade is integrated into the Software Blade Architecture and included in the Security Gateway container when you purchase a Security Gateway product.

Specifications

| Feature | Details |
|---|---|
| Protocol/Application Support | 500 plus protocol types |
| VoIP Protection | SIP, H.323, MGCP and SIP with NAT support |
| Network Address Translation | Static/hide NAT support with manual or automatic rules |
| DHCP Gateways | Security gateways can have dynamic IP addresses |
| VLAN | Up to 256 VLANs per interface |
| Link Aggregation | 802.3ad passive and 802.3ad active |
| Bridge Mode / Transparent Mode | Inspect traffic without interfering with the original IP routing |
| Extensive Set of Policy Objects | Individual node, networks, groups, dynamic objects |
| IP Versions | IPv4 and IPv6 |
| Fail-Safe Protections | Default filter provides protection during boot time and prior to initial policy |
| Secure Internet Communications (SIC) | Certificate-based secure communications channel among all Check Point distributed components belonging to a single management domain |

Authentication

| Feature | Details |
|---|---|
| Multiple Authentication Methods | User authentication, client authentication, session authentication |
| Local Users | Local database user store included |
| RADIUS and RADIUS Groups | Multiple servers and MS-CHAPv2, MS-PAP methods |
| LDAP and LDAP Groups | Microsoft Active Directory, Novell Directory Server, Red Hat Directory Server, OPSEC certified LDAP server |
| TACACS+ | Supported |
| RSA SecurID | Supported |
| X.509 Certificates | Supported using the included Certificate Authority or third party CAs |
| Customizable Authentication Messages | Supported |