UTM-1 Total Security

Overview
UTM-1™ Total Security appliances are all-inclusive, turn-key solutions that include everything you need to secure your network. Each appliance includes integrated centralized management, along with complete security updates, hardware support, and discounted customer support for up to 3 years.

With UTM-1 Total Security, you get the most comprehensive
security including firewall, VPN, intrusion prevention,
SSL VPN, antivirus, anti-spyware,
Web
filtering,
Web security, and anti-spam.
Key Benefits
- Provides peace of mind with proven technologies trusted by the Fortune 500
- Everything you need to secure your network for up to 3 years*
- Protects networks, systems, and users from multiple types of Internet threats
- Ensures confidentiality by securing remote access and site-to-site communications
- Streamlines security deployment and administration
- Protects against emerging threats with SmartDefense Services
* Applies to UTM-1 Total Security which includes additional messaging security protections as well as daily security updates and reduced rates for support in a single package
Features
- Proven application control and attack protection
- Gateway antivirus control and anti-spyware
- Comprehensive messaging security with anti-spam
- Web filtering
- Simple site-to-site connectivity
- Secure, flexible remote access
- All inclusive, turn-key solution
- Integrated centralized management
- Quick setup
THE SECURITY YOU NEED
Proven application control and attack protection
UTM-1 includes the most proven firewall and can examine hundreds of applications, protocols, and services out-of-the box. Integrated SmartDefense™ IPS utilizes signature- and protocol-anomaly-based intrusion prevention to protect business-critical services like FTP, HTTP, and VoIP from known and unknown attacks. Similarly, UTM-1 Total Security can block nonbusiness applications like IM and P2P.
Gateway antivirus, anti-spyware
Gateway antivirus and anti-spyware are core components of UTM-1, complementing desktop endpoint security. UTM-1 Total Security uses an up-to-date list of antivirus and antispyware signatures and anomaly-based protection to stop viruses and other malware at the gateway. To check for threats hidden inside legitimate content, real-time antivirus scans are performed on POP3, SMTP, FTP, and HTTP services.
Comprehensive messaging security with anti-spam
Messaging Security from Check Point provides comprehensive protection for an organization's messaging infrastructure. The multidimensional approach protects the email infrastructure, provides highly accurate spam protection, and defends organizations from a wide variety of virus and malware threats within email.
| IP reputation anti-spam | Blocks spam and malware at the connection level by checking the sender's reputation against a dynamic database of known malicious IP addresses |
Content-based anti-spam |
Protects against advanced forms of spam, including image-based and foreign-language spam, using pattern-based detection |
| Block/allow list anti-spam | Utilizes block or allow lists to deny obvious email offenders and allow trusted senders |
| Mail antivirus | Protects against a wide range of viruses and malware, including scans of message content and attachments |
| Zero-hour outbreak protection | Defends against new spam and malware outbreaks by using advanced pattern matching and distribution analysis engine |
| SmartDefense email IPS | Protects against a broad range of threats, including DoS and buffer overflow attacks, that target the messaging infrastructure itself |
Web filtering
UTM-1 Total Security appliances stop inappropriate Web surfing with best-of-breed Web filtering that covers 20-million-plus URLs, so you can define an online acceptable-use policy for your organization.
Simple site-to-site connectivity
With UTM-1 Total Security appliances, you can simplify the setup of site-to-site VPNs and remote access. Manual setup of node-to-node VPN tunnels and security for an entire VPN is replaced by a One-Click process, where new sites and remote users are added automatically.
Secure, flexible remote access
UTM-1 Total Security appliances can connect employees and business partners to your trusted network through flexible IPSec or SSL-based remote access, working seamlessly with a variety of VPN agents.
THE SIMPLICITY YOU WANT
All-inclusive turnkey solution
Everything you need in a UTM network security solution is provided by UTM-1 Total Security appliances—for up to three years. This includes:
- All security protections
- All security updates
- Hardware warranty
Integrated SmartCenter management
UTM-1 Total Security appliances come with integrated SmartCenter™ management, offering the ability to centrally manage multiple appliances and other Check Point products from a single console. It centrally stores and distributes security policy for the entire infrastructure, eliminating the need to maintain each site and gateway separately, reducing administrative burden and errors, ensuring consistency across the network. Through the intuitive SmartDashboard, administrators define and manage elements of a security policy: firewall security, network address translation, Quality of Service (QoS), VPN agent security, and VPNs.
Centralized, automatic updates
SmartDefense Services enable you to configure UTM-1 into a preemptive security solution, capable of ensuring your networks are safe from new attacks via ongoing and automatic defense updates.
Quick setup
UTM-1 Total Security appliances can be easily set up with the first-time configuration wizard. This truly simple deployment process is as easy as:
- Plugging in and turning on the appliance
- Following the onscreen wizard
- Launching the SmartCenter management interface

The first-time configuration wizard makes configuring
UTM-1 Total Security appliances easy.
Specifications
| Security Specifications | Protection Details |
| Firewall | |
|---|---|
| Protocol/application support | 200-plus |
| VoIP protection | SIP, H.323, MGCP, and SCCP with NAT support |
| Instant messaging control | MSN, Yahoo, ICQ, and Skype |
| Peer-to-peer blocking | Kazaa, Gnutella, BitTorrent |
| Network address translation | Static/hide NAT support with manual and automatic rules |
| IPSec VPN | |
| Encryption support | AES 128-256 bit, 3DES 56-168 bit |
| Authentication methods | Password, RADIUS, TACACS, X.509, SecurID |
| Certificate authority | Integrated certificate authority (X.509) |
| VPN communities | Automatically sets up site-to-site connections as objects are created |
| Topology support | Star and mesh |
| Route-based VPN | Utilizes virtual tunnel interfaces; numbered/unnumbered interfaces |
| VPN agent support | Complete endpoint security with VPN, desktop firewall |
| SSL VPN | |
| SSL-based remote access | Fully integrated SSL VPN gateway provides on-demand SSL-based access |
| SSL-based endpoint scanning | Scans endpoint for compliance/malware prior to admission to the network |
| Intrusion prevention | |
| Network-layer protection | Blocks attacks such as DoS, port scanning, IP/ICMP/TCP-related |
| Application-layer protection | Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands |
| Detection methods | Signature-based and protocol anomaly |
| Antivirus/anti-spyware | |
| Antivirus protection | Protects HTTP, FTP, POP3, and SMTP protocols |
| Anti-spyware blocks | Pattern-based spyware blocking at the gateway |
| Updates | Centralized, daily updates |
| Web filtering | |
| URL database | 20 million-plus URLs covering 3 billion-plus Web pages |
| Language support | More than 70 languages spanning 200 countries |
| Updates | Centralized, daily updates (100,000-plus new sites a week) |
| Messaging security | |
| Email IPS | SMTP, POP3, and IMAP attack protection |
| Pattern-based anti-spam | Detects spam based on dynamic database of signatures |
| IP reputation checking | Blocks spam and malware by sender |
| Signature-based antivirus | First layer of protection from viruses and malware |
| Zero-hour outbreak protection | Complements signature-based protection to block new outbreaks |
| Block/allow lists | Provides granular control over specific domains and users |
| Management and reporting | |
| Centralized management | Includes centralized management |
| Monitoring/logging | SmartView Tracker™ provides advanced monitoring and logging |
| Reporting | Express reports |
| Command line interface | Telnet, SSH |
| Networking | |
| DHCP support | SecurePlatform™ DHCP server and relay |
| ISP redundancy | Protocol-based, source/destination and port route decisions |
| Routing support | OSPF, BGP, RIP v1/2, Multicast |
| Layer-2 bridge support | Transparently integrates into existing network |
| Performance and availability | |
| High availability | Active/passive and active/active failover options |
| Load balancing | ClusterXL® provides near linear scaling |
| Quality of Service | Floodgate-1® provides granular QoS control |
| ISP redundancy | Automatically reroutes traffic to second interface |
Technical Specifications
| Software Edition | NGX R65 MS* |
NGX R65 MS* |
NGX R65 MS* |
NGX R65 MS* |
NGX R65 MS* |
| 10/100 Ports | - | - | - | - | - |
| 10/100/1000 Ports | 4 | 6 | 6 | 8 | 10 |
| Firewall Throughput | 400 Mbps | 1.1 Gbps | 1.8 Gbps | 2.8 Gbps | 4.5 Gbps |
| VPN Throughput | 100 Mbps | 250 Mbps | 250 Mbps | 280 Mbps | 1.1 Gpbs |
| Concurrent Sessions | 400,000 | 500,000 | 1.1 Million | 1.1 Million | 1.1 Million |
| Licensed Users | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
| VLANs | 256 | 256 | 256 | 256 | 256 |
| UTM out of the box | Yes | Yes | Yes | Yes | Yes |
| Security Acceleration | No | No | No | No | Yes |
| Integrated Multisite Management | Yes | Yes | Yes | Yes | Yes |
| Storage | 160 GB | 160 GB | 160 GB | 160 GB | 160 GB |
| Enclosure | 1U | 1U | 1U | 1U | 1U |
| Dimensions (standard) | 16.8 x 10 x 1.73 in. | 16.8 x 10 x 1.73 in. | 16.8 x 10 x 1.73 in. | 17.4 x 15 x 1.73 in. | 17.4 x 15 x 1.73 in. |
| Dimensions (metric) | 429 x 255 x 44mm | 429 x 255 x 44mm | 429 x 255 x 44mm | 443 x 381 x 44mm | 443 x 381 x 44mm |
| Weight | 3.7kg (8.1lbs) | 3.7kg (8.1lbs) | 3.7kg (8.1lbs) | 6.5kg (14.3lbs) | 6.5kg (14.3lbs) |
| Operating Environment | Temperature: 5° to 40° C, Humidity: 10%-85% non-condensing, Altitude: 2,500m | ||||
| Power Input | 100~240V, 50~60Hz | 100~240V, 50~60Hz | 100~240V, 50~60Hz | 100~240V, 50~60Hz | 100~240V, 50~60Hz |
| Power Consumption | 65W (Max) | 65W (Max) | 65W (Max) | 250W (Max) | 250W (Max) |
| Compliance | UL 60950; FCC Part 15, Subpart B, Class A; EN 55024; EN 55022; VCCI V-3; AS/NZS 3548:1995; CNS 13438 Class A (test passed; country approval pending); KN22, KN61000-4 Series, TTA; IC-950; ROHS | ||||
Support & Warranty
Check Point offers many technical support options for customers. These range from the Standard support plan that provides telephone assistance during normal business hours with next-day shipment of replacement appliances, to the Premium support plan providing 24/7 assistance with same day replacement shipment, up to the Premium+4H plan that provides a qualified engineer on-site within four hours to resolve any appliance-related issues. For additional information, please visit the Support Programs section of our website.
Direct Enterprise Support
Standard |
Premium |
Diamond/ Sapphire |
Premium 4H on-site** |
||
|---|---|---|---|---|---|
| Support Time | 9 x 5 Business Day | 24 x 7 Every Day | 24 x 7 Every Day | 24 x 7 Every Day | |
| Latest Hot Fixes & Service Packs | Yes | Yes | Yes | Yes | |
| Major Upgrades & Enhancements | Yes | Yes | Yes | Yes | |
| Access to Online Support Knowledgebase | Advanced | Advanced | Expert | Advanced | |
| Unlimited Service Requests | Yes | Yes | Yes | Yes | |
| Hardware Warranty | 3 Years | 3 Years | 3 Years | 3 Years | |
| Committed Response time to Severity-1 issues | 4 Hours | 30 Minutes | 30 Minutes | 30 Minutes | |
| Committed Response time to Severity 2,3,4 issues | 4 Hours | 4 Hours | 4 Hours | 4 Hours | |
| Issues open with | Standard Support Desk | Premium Support Desk | Designated Engineer | Premium Support Desk | |
| RMA Determination | Support Engineer | Support Engineer | Customer | Support Engineer | |
| Shipment & Delivery SLA | Next business day shipment, delivery usually within 2-3 business days | Same business day shipment, Next business day delivery target* |
As in Premium/Premium 4hrs (if purchased) | 24x7; Qualified engineer will arrive on-site within 4 hours to handle RMA | |
* For RMA (Return Material Authorization) determination completed by 15:00 regional hub time, otherwise shipment will occur next business day with delivery target extended by one day. There are four regional hubs, one located in each of the following: U.S., APAC, Europe and Israel. Next day delivery during weekends is possible at no extra charge upon request. ** This service is available at selected locations. Please verify availability for your location before purchasing this service level. |
|||||
Collaborative Enterprise Support
Co-Standard |
Co-Premium |
Co-Premium 4H on-site** |
||
|---|---|---|---|---|
| Support Time | 24 x 7 for Software issues; 9 x 5 Business Day for Hardware issues |
24 x 7 Every Day | 24 x 7 Every Day | |
| Latest Hot Fixes & Service Packs | Yes | Yes | Yes | |
| Major Upgrades & Enhancements | Yes | Yes | Yes | |
| Access to Online Support Knowledgebase | Advanced | Advanced | Advanced | |
| Unlimited Service Requests | Yes | Yes | Yes | |
| Hardware Warranty | 3 Years | 3 Years | 3 Years | |
| Committed Response time to Severity-1 issues | 30 Minutes indirect CCSP-Check Point |
30 Minutes direct end customer- Check Point |
30 Minutes | |
| Committed Response time to Severity 2,3,4 issues | 4 Hours | 4 Hours | 4 Hours | |
| Issues open with | Standard Support Desk | Escalation Group (Fast Path) |
Escalation Group (Fast Path) |
|
| RMA Determination | Support Engineer | Support Engineer | Support Engineer | |
| Shipment & Delivery SLA | Next business day shipment, delivery usually within 2-3 business days | Same business day shipment, Next business day delivery target* |
24x7; Qualified engineer will arrive on-site within 4 hours to handle RMA | |
* For RMA (Return Material Authorization) determination completed by 15:00 regional hub time, otherwise shipment will occur next business day with delivery target extended by one day. There are four regional hubs, one located in each of the following: U.S., APAC, Europe and Israel. Next day delivery during weekends is possible at no extra charge upon request. ** This service is available at selected locations. Please verify availability for your location before purchasing this service level. |
||||
-
Next Steps
- Find a Partner
- Call US sales: 1-866-488-6691
- Contact Us Online
Customer Testimonials
Resources
- UTM-1 White Paper
- Connectivity with Security White Paper
- UTM-1 Independent Analyst Webinar [ON DEMAND]
Related Products