IPsec VPN Software Blade

Overview
Check Point's VPN Software Blade is an integrated software solution that provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. The blade integrates access control, authentication and encryption to guarantee the security of network connections over the public Internet.
Key Benefits
- Simple, centralized management of remote access and site-to-site VPNs
- Enhanced IPsec VPN security
- Multiple remote access VPN connectivity modes to support road warriors from all locations and networks
Features
- Simplified Site-to-Site VPN
- Multiple VPN Creation Methods
- Enhanced IPsec VPN Security
- Flexible Remote Access Support
- Multiple Remote Access VPN Connectivity Modes
Simplified Site-to-Site VPN
The IPsec Software Blade provides a unified method to create and manage complex VPNs. The SmartDashboard enables administrators to define participating gateways—including third-party gateways—in large-scale VPNs. VPN gateways can be configured for both star and mesh topologies in minutes with an integrated certificate authority to manage keys.
Route-based VPNs—administrators define what traffic should be encrypted by VPN rules, enabling the creation of complex large-scale site-to-site VPNs in dynamic environments. Route-based VPNs also support the extension of dynamic routing and multicast communities across VPNs.
Domain-based VPNs—administrators define which resources behind the gateway should have encrypted VPN traffic.
Enhanced IPsec VPN Security
A key element in Check Point’s philosophy is that VPN connectivity must be matched with a high level of security. The IPsec Software Blade enables you to connect remote users, sites, and partners without worrying that your VPN will become a network backdoor. At your discretion, the IPsec blade can apply the entire security policy to encrypted traffic, a subset of traffic, or allow VPN traffic to enter uninspected.
In addition, the IPsec Software Blade provides strong security for the VPN against DoS attacks such as those directed against the Internet Key Exchange (IKE) mechanism. The IPsec blade implements a unique solution for IKE DoS, asking unknown gateways attempting to connect to solve a computationally intensive problem before allocating resources.
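The puzzle-before-state idea described above, as an added example that is not Check Point's code or wire format: a generic hash-based client puzzle in Python. The HMAC-bound stateless challenge, the SHA-256 leading-zero-bits puzzle, and the names `issue_challenge`, `solve`, `verify`, `DIFFICULTY` and `MAX_AGE` are all assumptions made for illustration.

```python
import hashlib, hmac, os, struct, time

# Illustrative parameters (assumptions, not Check Point settings).
SECRET = os.urandom(32)   # gateway-local key; lets challenges stay stateless
DIFFICULTY = 16           # required leading zero bits (~65k hashes on average)
MAX_AGE = 30              # seconds a challenge remains acceptable

def leading_zero_bits(digest: bytes) -> int:
    bits = 0
    for b in digest:
        if b:
            return bits + 8 - b.bit_length()
        bits += 8
    return bits

def _tag(peer_ip: str, ts: bytes) -> bytes:
    # Binds the challenge to the claimed source address and issue time.
    return hmac.new(SECRET, peer_ip.encode() + ts, hashlib.sha256).digest()[:16]

def issue_challenge(peer_ip: str, now=None) -> bytes:
    """Gateway side: build a challenge without storing anything per peer."""
    ts = struct.pack(">Q", int(time.time() if now is None else now))
    return ts + _tag(peer_ip, ts)

def solve(challenge: bytes, difficulty: int = DIFFICULTY) -> int:
    """Initiator side: brute-force a nonce; this is the expensive step."""
    nonce = 0
    while leading_zero_bits(
            hashlib.sha256(challenge + struct.pack(">Q", nonce)).digest()) < difficulty:
        nonce += 1
    return nonce

def verify(peer_ip, challenge, nonce, now=None, difficulty=DIFFICULTY) -> bool:
    """Gateway side: one HMAC and one hash, done before any state is allocated."""
    if len(challenge) != 24 or not 0 <= nonce < 2**64:
        return False
    ts = challenge[:8]
    age = int(time.time() if now is None else now) - struct.unpack(">Q", ts)[0]
    if not 0 <= age <= MAX_AGE:
        return False                      # stale or future-dated challenge
    if not hmac.compare_digest(_tag(peer_ip, ts), challenge[8:]):
        return False                      # forged, or issued to another address
    digest = hashlib.sha256(challenge + struct.pack(">Q", nonce)).digest()
    return leading_zero_bits(digest) >= difficulty

if __name__ == "__main__":
    ip = "198.51.100.7"                   # constructed sample address
    c = issue_challenge(ip)
    print(verify(ip, c, solve(c)))
```

The asymmetry is the point: the initiator spends thousands of hashes per attempt, while the gateway rejects a bad or replayed answer with two cheap operations and no per-peer memory.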
Flexible Remote Access Support
Every enterprise has unique requirements for remote access. The IPsec Software Blade provides flexibility to design a solution to meet your needs with a number of remote access VPN client choices.
- Check Point Endpoint Security—Check Point Endpoint Security is the first single agent for total endpoint security that combines a remote access VPN with the highest-rated firewall, network access control (NAC), program control, antivirus, anti-spyware, and data security features.
- Endpoint Connect VPN Client—Check Point Endpoint Connect is a lightweight IPsec virtual private network (VPN) client included with Connectra and VPN-1 secure remote access gateways.
- SecuRemote—SecuRemote is a basic VPN client that offers IPsec connectivity for remote users.
- SecureClient—SecureClient is an advanced VPN client that offers IPsec connectivity for remote users.
- SecureClient Mobile—SecureClient Mobile delivers firewall protection and secure, uninterrupted remote access for wireless devices such as mobile phones.
- L2TP for iPhone—Support for the iPhone’s built-in L2TP VPN client.
Multiple Remote Access VPN Connectivity Modes
The IPsec blade provides various modes to address a variety of connectivity and routing issues faced by remote users.
Office Mode addresses routing issues between the client and the gateway by encapsulating IP packets with the remote user’s original IP address, thereby enabling users to appear as if they were “in the office” while connecting remotely. Office Mode also provides enhanced anti-spoofing by ensuring that the IP address encountered by the gateway is authenticated and assigned to the user.
Visitor Mode enables employees to access resources while they are working at a remote location such as a hotel or a customer office, where Internet connectivity may be limited to Web browsing using the standard HTTP and HTTPS ports.
Hub Mode enables rigorous, centralized inspection of all client traffic, removing the need to deploy security functions to multiple offices, and giving employees secure client-to-client communications such as Voice over IP (VoIP) or Internet conferencing using applications like Microsoft NetMeeting.
Specifications
| Feature | Details |
|---|---|
| Authentication Methods | Password, RADIUS, TACACS, X.509, SecurID |
| Certificate Authority | Integrated X.509 certificate authority |
| VPN communities | Automatically sets up site-to-site connections as objects are created |
| Topology Support | Star and mesh |
| Route-based VPN | Utilizes Virtual Tunnel Interfaces, numbered/unnumbered interfaces |
| VPN resiliency | Multiple Entry Point (MEP), Wire Mode |
| VPN route injection | Route Injection Mechanism (RIM) |
| Site-to-site VPN modes | Domain Based, Route Based |
| Directional VPN | Enforcement between or within community |
| IKE (Phase 1) Key Exchange | AES-256, 3DES, DES, CAST |
| IKE (Phase 1) Data Integrity | MD5, SHA1 |
| IPsec (Phase 2) Data Encryption | 3DES, AES-128, AES-256, DES, CAST, DES-40CP, CAST-40, NULL |
| IPsec (Phase 2) Data Integrity | MD5, SHA1 |
| IKE (Phase 1) & IPsec (Phase 2) Diffie-Hellman Groups | Group 1 (768 bit), Group 2 (1024 bit), Group 5 (1536 bit), Group 14 (2048 bit) |
| IKE (Phase 1) Options | Aggressive Mode |
| IPsec (Phase 2) Options | Perfect Forward Secrecy, IP Compression |
| Mobile device support | L2TP support for iPhone, SecureClient Mobile for Windows Mobile |
| Multiple IPsec VPN Clients | Check Point Endpoint Security, SecureClient, SecuRemote |
Support
Threats to networks are constantly evolving and becoming more sophisticated. To maintain continuity and productivity, defenses must advance as quickly to deliver the technology and features that protect the business. Check Point Services protect against emerging threats with critical hot software fixes, service packs, and major software upgrades.
Benefits
- Ensure continuous security with access to critical hot fixes and service packs
- Maximize ROI and investment with access to major upgrades and enhancements
- Increase security with the latest applications, features, and technologies