The Check Point Firewall Software Blade builds on the award-winning technology first offered in Check Point’s FireWall-1 solution to provide the industry’s strongest level of gateway security and identity awareness. Check Point’s firewalls are trusted by 100% of the Fortune 100 and deployed by over 100,000 customers, and have demonstrated industry leadership and continued innovation since the introduction of FireWall-1 in 1994.
Benefits
Proven gateway security with industry-leading firewall performance
- Protects over 100,000 customers and 100% of Fortune 100
- Includes patented stateful packet inspection
- Up to 120 Gbps firewall throughput with real-world traffic mix (SecurityPower benchmark)
- Enables granular policy definitions per user and group
- Seamless integration with Active Directory
- Ideal for protecting environments with social media and Internet applications
- Centralized management, logging and reporting via a single console
- Automatic activation of Firewall Software Blade on security gateway systems
The Firewall Software Blade enables network administrators to securely control access to clients, servers and applications. With detailed visibility into the users, groups, applications, machines and connection types, the Check Point Firewall Software Blade enables network administrators to provide superior protection across the entire security gateway.
User and machine awareness balances security with business needs by enabling granular policy definitions per user and group.
Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple application-based policy definition per user or group directly from the firewall.
User identification may be acquired by one of three simple methods:
- Querying Active Directory
- Through a captive portal
- Installing a one-time, thin client-side agent
To ensure the security of your network, you need to be able to confirm the identity of all users attempting to access it. Authentication assigns access permissions to individuals and groups, based on their level of responsibility and role within the organization.
Based on the industry’s most advanced identity awareness, the Firewall Software Blade provides robust authentication capabilities to confirm the identity of all users and establish their rights and privileges.
The authentication component of the Firewall Software Blade offers:
- Multiple and complementary methods for gaining identity awareness
- Integrated user and machine awareness functionality across the security gateway and management
Whether computers have routable or non-routable addresses, administrators may want to conceal their real addresses, so that they cannot be seen from outside the organization or from other parts of the same organization. A network’s internal addresses reveal the topology of the network, and therefore hiding this information greatly enhances security.
A security gateway in bridge mode operates as a regular firewall, inspecting traffic and dropping or blocking unauthorized or unsafe traffic, and is invisible to all Layer-3 traffic. When authorized traffic arrives at the gateway, it is passed from one interface to another through a procedure known as bridging. Bridging creates a Layer-2 relationship between two or more interfaces, whereby any traffic that enters one interface always exits the other. This way, the firewall can inspect and forward traffic without interfering with the original IP routing.
The Firewall Software Blade is integrated into the Software Blade Architecture and included in the Security Gateway container when you purchase a Security Gateway product.
| Feature | Details |
|---|---|
| Protocol/Application Support | 500 plus protocol types |
| VoIP Protection | SIP, H.323, MGCP and SIP with NAT support |
| Network Address Translation | Static/hide NAT support with manual or automatic rules |
| DHCP Gateways | Security gateways can have dynamic IP addresses |
| VLAN | Up to 256 VLANs per interface |
| Link Aggregation | 802.3ad passive and 802.3ad active |
| Bridge Mode / Transparent Mode | Inspect traffic without interfering with the original IP routing |
| Extensive Set of Policy Objects | Individual node, networks, groups, dynamic objects |
| IP Versions | IPv4 and IPv6 |
| Fail-Safe Protections | Default filter provides protection during boot time and prior to initial policy |
| Secure Internet Communications (SIC) | Certificate-based secure communications channel among all Check Point distributed components belonging to a single management domain |
| Multiple Authentication Methods | User authentication, client authentication, session authentication |
| Local Users | Local database user store included |
| RADIUS and RADIUS Groups | Multiple servers and MS-CHAPv2, MS-PAP methods |
| LDAP and LDAP Groups | Microsoft Active Directory, Novell Directory Server, Red Hat Directory Server, OPSEC certified LDAP server |
| X.509 Certificates | Supported using the included Certificate Authority or third party CAs |
| Customizable Authentication Messages | Supported |