Firewall Software Blade
Overview
Check Point’s Firewall Software Blade is the world’s most proven firewall solution that’s trusted to secure 100% of the Fortune 100. The Firewall Software Blade provides the highest level of security, with access control, application security, authentication and Network Address Translation (NAT) available to block unauthorized network users and protect enterprise users and data. The Firewall Software Blade leverages the Security Management Software Blades, enabling remote intelligent management with maximum efficiency.
Check Point pioneered and patented Stateful Inspection. U.S. Patent # 5,606,668, issued on February 25, 1997, covers, among other things, Check Point Software's implementation of "Stateful Inspection" technology for controlling network traffic, which includes a flexible, easily-alterable network security method for examining the information flow into and out of a network and making security decisions based on previously stored results.
Application Awareness and Control
The Check Point Application Library enables application scanning and detection of more than 4,500 distinct applications and over 50,000 social networking widgets, regardless of port, protocol, or evasive technique used to traverse the network. To meet the dynamic nature of internet applications, the Application Library is continuously updated.
The integration of the Application Library into Check Point Security Gateways allows customers to leverage the convenience of Web 2.0 technologies safely and securely.
Key Benefits
- The Check Point Firewall Software Blade protects 100% of the Fortune 100
- Comprehensive network and application firewall with access control, attack protection, application security, authentication and Network Address Translation (NAT)
- Industry-leading and tight integration with Check Point Security Management Software Blades and Check Point Security Gateway Software Blades
- High performance
- Multi-platform support
Features
Access Control
Network administrators need the means to securely control access to resources such as networks, hosts, network services and protocols. Determining what resources can be accessed, and how, is the responsibility of Access Control.
Authentication
Authentication confirms the identity of valid users authorized to access your company network. Staff from different departments are assigned access permissions based on their level of responsibility and role within the organization. Authentication ensures that all users trying to access the system are valid users, but does not define their access rights.
Network Address Translation (NAT)
Whether computers have routable or non-routable addresses, the administrator may want to conceal their real addresses for security reasons, for example, to ensure that addresses cannot be seen from outside the organization or from other parts of the same organization. A network’s internal addresses reveal the topology of the network, so hiding this information greatly enhances security.
Bridge Mode
A security gateway in bridge mode operates as a regular firewall, inspecting traffic and dropping or blocking unauthorized or unsafe traffic. A security gateway in bridge mode is invisible to all Layer-3 traffic. When authorized traffic arrives at the gateway, it is passed from one interface to another through a procedure known as bridging. Bridging creates a Layer-2 relationship between two or more interfaces, whereby any traffic that enters one interface always exits the other. This way, the firewall can inspect and forward traffic without interfering with the original IP routing.
Specifications
| Feature | Details |
|---|---|
| Protocol/Application support | Secures more than 200 applications and protocols |
| VoIP Protection | SIP, H.323, MGCP, and SIP with NAT support |
| Network Address Translation | Static/hide NAT support with manual or automatic rules |
| DHCP gateways | Security gateways can have dynamic IP addresses |
| VLAN | Up to 256 VLANs |
| Link aggregation | 802.3ad passive and 802.3ad active |
| Bridge Mode / Transparent Mode | Supported under SecurePlatform in interface pairs |
| Extensive set of policy objects | Individual nodes, networks, groups, dynamic objects |
| IP Versions | IPv4 and IPv6 |
| Fail-Safe Protections | Default Filter provides protection during boot time and prior to initial policy |
| Secure Internal Communications (SIC) | Certificate-based secure communications channel among all Check Point distributed components belonging to a single management domain |
| Authentication | |
| Multiple authentication methods | User authentication, client authentication, session authentication |
| Local users | Local database user store included |
| RADIUS and RADIUS Groups | Multiple servers and MS-CHAPv2, MS-PAP methods |
| LDAP and LDAP Groups | Microsoft Active Directory, Novell Directory Server, Red Hat Directory Server, OPSEC certified LDAP server |
| TACACS+ | Supported |
| RSA SecurID | Supported |
| X.509 certificates | Supported using the included Certificate Authority or third party CAs |
| Customizable Authentication messages | Supported |
Support
Threats to networks are constantly evolving and becoming more sophisticated. To maintain continuity and productivity, defenses must advance as quickly to deliver the technology and features that protect the business. Check Point Services protect against emerging threats with critical hot software fixes, service packs, and major software upgrades.
Benefits
- Ensure continuous security with access to critical hot fixes and service packs
- Maximize ROI and investment with access to major upgrades and enhancements
- Increase security with the latest applications, features, and technologies