UTM-1 Edge Appliances
Overview
Check Point UTM-1™ Edge appliances deliver all-inclusive, centrally managed, security solution to provide the perfect blend of simplicity and security for branch offices and remote-sites. The new Check Point appliances offer extended UTM capabilities, superb reliability and unprecedented ease of use. UTM-1™ Edge has the most flexible centralized management system and is built with the same enterprise-class technology used by 100 percent of Fortune 100 companies. UTM-1 Edge Total Security offerings enable customers to buy everything they need to secure their network in a single SKU, and to further streamline their purchasing and deployment process.
Key Benefits
- Secures an entire branch office in a single, turnkey appliance
- Protects branch office network, systems, and users from all Internet threats including email spam
- Provides flexible and reliable connectivity through multiple LAN and Internet connectivity methods
- Quick and easy provisioning of new systems
- Flexibility to manage a few or thousands of remote site devices from a single, central management console.
Features
Security Features
- Industry’s Most Proven Firewall
- Secure Site-to-Site Connectivity and Remote Access
- Streaming Gateway Antivirus
- Comprehensive Messaging Security with Anti-Spam
- Web Filtering
- Network Access Control
Industry’s Most Proven Firewall
Based on the same Check Point technologies that secure the Fortune 100, UTM-1 Edge appliances include the industry’s most proven firewall, supporting hundreds of applications, protocols, and services out-of-the-box. Broad application and protocol support provides comprehensive access control across the network, including the ability to block non-business related applications such as Instant Messaging (IM) and Peer-to-Peer (P2P) applications. UTM-1 Edge appliances also include Check Point’s SmartDefense intrusion prevention technology to ensure remote sites are protected from known and unknown attacks. SmartDefense protects networks, applications and users from threats such as Denial-of-Service, post scans, and buffer overflows and ensures proper usage of Internet resources, such as FTP, instant messaging, Peer-to-Peer (P2P) file sharing, and more.
Secure Site-to-Site Connectivity and Remote Access
UTM-1 Edge ensures communications privacy, with IPSec VPN functionality that offers strong encryption and authentication. UTM-1 Edge appliances can be easily added to existing VPN communities to enable secure, site-to-site connectivity. UTM-1 Edge appliances also provide an ideal way for employees and business partners to connect to the trusted network, by providing IPSec VPN connectivity with support for various VPN clients, including Check Point VPN-1 SecureClient, SecuRemote, as well as L2TP VPN clients.
Streaming Gateway Antivirus
UTM-1 Edge appliances come equipped with integrated gateway antivirus to provide an extra layer of protection by blocking worms and viruses before they can enter the network. This provides the ability to scan email (POP3, IMAP, and SMTP), FTP, and Web (HTTP) traffic, along with other protocols for possible threats. There is no limitation on the file size being scanned and it supports on-the-fly file decompression.
Comprehensive Messaging Security with Anti-Spam
Messaging Security from Check Point provides comprehensive protection for an organization's messaging infrastructure. The multidimensional approach protects the email infrastructure, provides highly accurate spam protection, and defends organizations from a wide variety of virus and malware threats within email.
| IP reputation anti-spam | Blocks spam and malware at the connection level by checking the sender's reputation against a dynamic database of known malicious IP addresses. |
Content-based anti-spam |
Protects against known forms of spam by comparing a “fingerprint” of each incoming mail message to a dynamic database with millions of known spam. |
| Block/allow list anti-spam | Utilizes block or allow lists to deny obvious email offenders and allow trusted senders, including blocking entire domains or marking entire domains as safe. |
| Mail antivirus | Blocks worms and viruses before they can enter the network. Supports standard email protocols (POP3, IMAP, and SMTP), including Web-based email. |
| SmartDefense email server protection | Protects against a broad range of threats, including DDos attacks that target the messaging infrastructure itself. |
The UTM-1 Edge anti-spam policy allows the administrator to specify with a very fine level of granularity which email traffic should be scanned and which should be considered safe.
Web Filtering
Inappropriate Web surfing can introduce security threats into the organization, as well as add risk from increased legal liability, lost productivity, and compliance issues. UTM-1 Edge appliances support best-of-breed Web filtering based on an 3rd party URL filtering services. This enables you to define an acceptable web-access policy for your organization and protect it from threats such as spyware and viruses, as well as new risks from inappropriate Web content.
Network Access Control
UTM-1 Edge includes support for 802.1x port-based authentication enabling organizations to control network access at branch offices based on endpoint security policy compliance and user access privileges. UTM-1 Edge also includes a built-in EAP (Extended Authentication Protocol) authenticator, enabling administrators to use WPA Enterprise and 802.1x access control without requiring an external RADIUS authentication server, making NAC easy to use in even the smallest networks.
Networking Features
Secure Hot Spot Support
UTM-1 Edge appliances can be used to create guest access networks by setting up hot-spot networks. Administrators can easily require Web-based user authentication or terms-of-use approval prior to providing network access. This enables convenient, yet controlled access for guest users, without compromising corporate resources.
High Availability
UTM-1 Edge appliances include high-availability options to ensure that security keeps pace with network- and business-critical applications. UTM-1 Edge appliances support WAN redundancy and load-balancing to ensure persistent connectivity and service availability. Dialup backup is also supported, providing either a primary or a secondary Internet connection if the primary broadband connection is not available.
Quality of Service
Network QoS is important where business-critical traffic, such as VoIP or VPN traffic is competing with noncritical traffic over a single Internet connection. UTM-1 Edge appliances include a comprehensive traffic management system that offers weighted priorities, bandwidth guarantees, and bandwidth limits. These allocate connectivity resources as predefined by business priorities and goals. Additionally, UTM-1 Edge W appliances support Wireless Multimedia QoS, which prioritizes multiple types of traffic flow from different applications— such as audio, video, and voice—under various environmental and traffic conditions.
Management Features
Centralized, Large Scale Management
UTM-1 Edge appliances can be centrally managed with Check Point SmartCenter or Provider-1, greatly simplifying security deployment in remote offices and locations. This allows administrators to centrally define a security policy for the entire network, including internal security, main sites, and remote sites. And with SmartLSM™, a profile-based management add-on designed specifically for the needs of large-scale VPN and security installations, administrators can define a single security profile and apply it simultaneously to thousands of UTM-1 Edge appliances from a single, central location. This enables rapid deployment of UTM-1 Edge gateways, dramatically reducing the costs and time required to deploy and manage security for thousands of devices.
Quick and Easy Setup
UTM-1 Edge appliances can be set up in less than 10 minutes, offering truly simple deployment to sites that have minimal IT resources. Even non-technical staff can easily perform initial setup and configuration.
Centralized, Automatic Updates
To maintain a preemptive security environment and ensure networks stay safe from new attacks, optional SmartDefense Services provide ongoing and automatic updates including new SmartDefense protections, antivirus signature updates, anti-spam updates and Web filtering services. SmartDefense Services also includes configuration advisories best practices security policies. Updates can be downloaded automatically and distributed to remote locations at preset intervals.
Hardware Options
- Secure Wireless Connectivity
- Integrated ADSL Modem
- Industrial Model for Production Floor and SCADA Environments
Secure Wireless Connectivity
UTM-1 Edge W appliances integrate a WiFi access-point (802.11b/g) supporting multiple security protocols, including 802.1x, IPSec over WLAN, RADIUS, WEP, WPA and WPA2 authentication. They also have dedicated WLAN interfaces from which you can set specific security rules for WLAN segments. This protects wireless interfaces by granting access only to authorized users, thereby preventing hackers from attacking corporate applications or resources. In addition, the wireless interface can be segmented into as many as four virtual access points, each with separate security policies and encryption methods.
Integrated ADSL Modem
UTM-1 Edge appliances are also available with integrated, high-speed ADSL modems, which eliminate the need for external ADSL modems and provide administrators with simple deployment options. It supports the latest ADSL standards, including ADSL v2/2+, and is available with Annex A and Annex B standards.
Industrial Model for Production Floor and SCADA Environments
UTM-1 Edge appliances are also available in an industrial model, designed protect Industrial Ethernet environments as well as supervisory control and data acquisition (SCADA) equipment from unauthorized access and attacks. UTM-1 Edge Industrial appliances comply with industrial mechanical specifications for dust, heat, and vibration, maximizing durability in harsh environments. The solid-state design of UTM-1 Edge Industrial appliances has no moving parts that could wear out over time, and it has flexible mounting options such as DIN rail, rack, and wall mounting.
Technical Specifications
UTM-1 Edge X |
UTM-1 Edge W |
UTM-1 Edge X ADSL |
UTM-1 Edge W ADSL |
|
|---|---|---|---|---|
| Firmware Version | Embedded NGX 8.0 | |||
| Concurrent Users | 8/16/32/Unlimited | |||
| Hardware Features | ||||
| Firewall Throughput (Mbps) | 190 | |||
| VPN Throughput (Mbps) | 35 | |||
| Concurrent Firewall Connections | 8,000 | |||
| Four Port LAN Switch | 10/100 Mbps | |||
| WAN Port | 10/100 Mbps | ADSL2+ | ||
| Console Port (Serial) |  |
|||
| Wall Mounting Kit | |
|||
UTM-1 Edge X |
UTM-1 Edge W |
UTM-1 Edge X ADSL |
UTM-1 Edge W ADSL |
|
|---|---|---|---|---|
| Firewall & Security Features | ||||
| Check Point Patented Stateful Inspection Firewall | |
|||
| Application Intelligence (IPS) | |
|||
| Instant Messenger Blocking/ Monitoring | ICQ, MSN Messenger, Skype, Yahoo | |||
| P2P File Sharing Blocking/ Monitoring | BitTorrent, eMule, Gnutella, KaZaA, Winny | |||
| Port-based and Tag-based VLAN | |
|||
| Port-based Security (802.1x) | |
|||
| Secure HotSpot (Guest Access) | |
|||
| Gateway Antispam* | |
|||
UTM-1 Edge X |
UTM-1 Edge W |
UTM-1 Edge X ADSL |
UTM-1 Edge W ADSL |
|
|---|---|---|---|---|
| Gateway Antivirus* | ||||
| Antivirus Supported Protocols | HTTP, FTP, NBT, POP3, IMAP, SMTP, User-defined TCP and UDP ports | |||
| On the fly decompression | |
|||
UTM-1 Edge X |
UTM-1 Edge W |
UTM-1 Edge X ADSL |
UTM-1 Edge W ADSL |
|
|---|---|---|---|---|
| URL Filtering | ||||
| Category Based | |
|||
| Embedded Web Rules | |
|||
UTM-1 Edge X |
UTM-1 Edge W |
UTM-1 Edge X ADSL |
UTM-1 Edge W ADSL |
|
|---|---|---|---|---|
| VPN | ||||
| Remote Access Client Software | Check Point VPN-1® SecuRemote™ (included)/L2TP IPSec VPN client | |||
| Bundled Remote Access Client Software | Unlimited (Check Point VPN-1 SecuRemote) | |||
| Site-to-Site VPN | |
|||
| Remote Access VPN | |
|||
| VPN Tunnels | 100 | |||
| Remote Access VPN Profiles | Up to 25 | |||
| Site To Site VPN Profiles | Unlimited | |||
| IPSec Features | Hardware accelerated DES, 3DES, AES, MD5, SHA-1, Hardware Random Number Generator (RNG), Internet Key Exchange (IKE), Perfect Forward Secrecy (PFS), IPSec Compression, IPSec NAT Traversal (NAT-T) | |||
| L2TP VPN Server | |
|||
| Weight | 1.35 Kg (2.976lbs) |
1.35 Kg (2.976lbs) |
1.35 Kg (2.976lbs) |
1.35 Kg (2.976lbs) |
| Operating Environment | Temperature: 5° to 40° C, Humidity: 10%-85% non-condensing, Altitude: 2,500m | |||
UTM-1 Edge X |
UTM-1 Edge W |
UTM-1 Edge X ADSL |
UTM-1 Edge W ADSL |
|
|---|---|---|---|---|
| Networking | ||||
| Supported Standards | Static IP, DHCP, PPPoE, PPTP, Telstra | Static IP, DHCP, PPPoE, PPTP, Telstra, EoA, PPPoA | ||
| Backup ISP & Load Balancing | |
|||
| Dialup Backup | Serial | Serial, USB | Serial, USB | Serial, USB |
| Traffic Shaper (QoS) | Advanced | |||
| Automatic Gateway Failover (HA) | |
|||
| Dynamic Routing | BGP, OSPF | |||
| Print Server | - | |
|
|
| Integrated DNS server | |
|||
| USB Rapid Deployment | |
|||
| Interface Monitor | |
|||
UTM-1 Edge X |
UTM-1 Edge W |
UTM-1 Edge X ADSL |
UTM-1 Edge W ADSL |
|
|---|---|---|---|---|
| Management | ||||
| HTTP / HTTPS / SSH / SNMP / SmartCenter / SmartLSM / Provider-1 / SMP / SMP-On-Demand | |
|||
| Local Diagnostic Tools | Ping, WHOIS, Packet Sniffer, VPN Tunnel Monitor, Connection Table Monitor, Wireless Monitor, Active Computers Display, Local Logs | |||
UTM-1 Edge X |
UTM-1 Edge W |
UTM-1 Edge X ADSL |
UTM-1 Edge W ADSL |
|
|---|---|---|---|---|
| Physical Specifications | ||||
| Dimensions (HxWxD) | 20.32 x 3.05 x 12.19 cm (8’ x 1.2’ x 4.8’) | |||
| Weight | 0.7 kg (1.56 lbs) | |||
| Operating Environmental Range | Temperature |
Operational: 0ºC - 40ºC Storage/Transport: -5ºC - 80ºC |
||
Humidity |
10% - 90% (non-condensed) |
|||
| Power | 100-240 VAC, 50-60 Hz (Depending on Country) | |||
| MTBF | 68,000 Hours | |||
| Regulatory compliance | FCC Part 15 Class B, CE | |||
| Warranty | 1 year | |||
| UTM-1 Edge Industrial
|
|||
|---|---|---|---|
| Physical Attributes | |||
| Dimensions (width x height x depth) |
200 x 32 x 128 mm (7.87 x 1.26 x 5.04 inches) | ||
| Weight | Without DIN rail adapter: 650 g (1.43 lbs) With DIN rail adapter: 750 g (1.65 lbs) | ||
| Retail box dimensions (width x height x depth) |
290 x 250 x 76 mm (11.42 x 3.14 x 9.84 inches) | ||
| Retail box weight | 1.35 kg (2.98 lbs) | ||
| 24V DC Power Input | |||
| Power Supply Nominal Output | +24V DC @ 0.6A | ||
| Max. Power Consumption | 9W 14W (including USB devices) |
||
| 5V Power Supply Unit | |||
| Power Supply Nominal Input | 9W 100 ~ 240 VAC; 47 ~ 63Hz |
||
| Power Supply Nominal Output | +5V DC @ 3A | ||
| Max. Power Consumption | 9W 14W (including USB devices) |
||
| EMI | |||
| Power Supply Nominal Input | 9W 100 ~ 240 VAC; 47 ~ 63Hz |
||
| Max. Power Consumption | 9W 14W (including USB devices) |
||
| EMI | ||||
|---|---|---|---|---|
| Standard | Description | Comments | ||
| CISPR 22 EN 55022 |
Radiated and Conducted EMI Limits | Class B | ||
| EN 61000-3-2 | Harmonic current emission | Class A | ||
| EN 61000-3-3 | Voltage fluctuations & flicker | Pst Measurement: 0.001, Limit: 1.0 Plt Measurement: 0.001, Limit: 0.65 Tdt (ms) Measurement: 0, Limit: 500 dmax (%) Measurement: 0, Limit: 4% dc (%)Measurement: 0, Limit: 3.3% |
||
| EN 55024 | Immunity | |||
| IEC 61000-4-2 | Electrostatic Discharge (ESD) | 8 kV air discharge, 4 kV Contact discharge, Performance Criterion B |
||
| IEC 61000-4-3 | Radiated, radio-frequency, electromagnetic field immunity | 80-1000 MHz, 3 V/m, 80% AM (1 kHz), Performance Criterion A |
||
| IEC 61000-4-4 | Electrical fast transient / burst immunity | AC Power line: 1 kV, DC Power line: 0.5 kV Signal line: 0.5 kV Performance Criterion B |
||
| IEC 61000-4-5 | Surge immunity | 1.2/50 us Open Circuit Voltage, 8/20 us Short Circuit Current AC Power Line: line to line 1 kV, line to earth 2 kV DC Power Line: line to earth 0.5 kV Signal line: 1 kV Performance Criterion B |
||
| IEC 61000-4-6 | Immunity to conducted disturbances, induced by radio-frequency fields | 0.15-80 MHz, 3 Vrms, 80% AM, 1 kHz, Performance Criterion A |
||
| IEC 61000-4-8 | Power frequency magnetic field immunity. | 50 Hz, 1 A/m, Performance Criterion A |
||
| IEC 61000-4-11 | Voltage dips, short interruptions and voltage variations immunity | i) >95% reduction -0.5 period, Performance Criterion B ii) 30% reduction – 25 period, Performance Criterion C Voltage Interruptions: i) >95% reduction – 250 period, Performance Criterion C |
||
| Safety | ||||
|---|---|---|---|---|
| Standard | Description | |||
| EN 60950-1 | Safety of Information Technology Equipment | |||
| Reliability | ||
|---|---|---|
| Standard | Description | Comments |
| EN 300 019-2-1 T1.2 | Environment (Storage) | Low Temperature: -5°C, 72 Hours High Temperature: 55°C, 72 Hours Humidity: 30°C, 93%, 96 Hours Sine Vibration: 5-62-200Hz/5°/s,2g,1 octave/minute, 5 cycles/axis, 96 hours Random Vibration: 5-10-50-100Hz/+12dB-0.0002g2/Hz - 12dB, 30 minutes/axis, 3 hours |
| EN 300 019-2-2 T2.3 | Environment (Transportation) | Low Temperature: -40°C, 72 Hours High Temperature: 70°C, 72 Hours Temperature Change: -40°C~+30°C, 3 hours dwell, 5 cycles, 1°C/minute Humidity: 40°C, 93%, 96 Hours Humidity Cycling: 40°C, 95%, 2 cycles Water: 0.01m3/minute, 90 Kpa, 15 minutes Random Vibration: 5-20-200Hz/0.01g2/Hz - 3dB, 30 minutes/axis, 1.5 hours Bump: 6ms, 18g, 100 bumps per face Drop: 100 cm, 1 corner, 3 edges and 6 face |
| EN 300 019-2-3 T3.2 | Environment (Operational) | Low Temperature: -5°C, 16 Hours (with cold start test) High Temperature: 55°C, 16 Hours (with hot start test) Temperature change: 25°C~+55°C, 3 hours dwell, 5 cycles, 0.5°C/minute, 30 hours Humidity: 30°C, 93%, 96 Hours Humidity Cycling: 55°C, 50~95%, 1 cycles Sine Vibration: 5-62-200Hz/5°/s-0.2g,1 octave/minute, 5 cycles/axis, X, Y and Z axes, 6 hours Random Vibration: 5-10-50-100Hz/+12dB-0.0002g2/Hz - 12dB, 30 minutes/axis, X, Y and X axes, 1.5 hours Shock: Half-sine, 11ms, 3g, 6 shocks per axis |
| Extended Temperatures | Extended Temperatures Test | Temperature change: -20°C~+ 55°C, 12 cycles, 72 hours, with cold start / hot start test. Low temperature: -20°C, 24 hours High temperature: 55°C, 24 hours |
| MTBF | 370,000 hours | Telcordia (Bellcore) model, SR-332, with Hirschmann RPS30 Industrial 24V DC power supply. |
| Environment | ||||
|---|---|---|---|---|
| Standard | Description |
|||
| RoHS | EC Directive on Restriction of Hazardous Substances |
|||
| WEEE | EC Directive on Waste Electrical and Electronic Equipment (WEEE) |
|||
Support and Warranty
Check Point offers a range of support programs for customers using our appliances covering both software and hardware issues.
Check Point offers support online, by phone and onsite directly or via its network of partners. Opening a ticket online with Check Point Support via Check Point User Center.
Support Programs for Appliances
Check Point's Appliance Support programs provide technical support, software updates and upgrades, and the replacement of faulty hardware.
Please visit our Support Programs for more information or Compare Programs for a summary of features.
Hardware Warranty
Check Point warrants that hardware components of its appliances shall be free from material defects and will function according to the documentation provided for a period of one year from the date of appliance activation by Check Point. If the unit has a hardware failure during this warranty period, customer can begin a RMA process. Please visit Hardware Warranty for more information.
Check Point Enterprise Support Lifecycle Policy
Check Point Enterprise Support Lifecycle Policy outlines the product support guidelines for a product's lifecycle. The objective of this policy is to standardize and normalize product lifecycle practices, thereby enabling Check Point customers to make more informed purchase, support and upgrade decisions.
All Check Point products (except third-party products sold by Check Point) are covered by this policy. Customers who are operating Check Point products under a valid Support & Maintenance Agreement are entitled to the benefits associated with this policy.
Next Steps
Resources
- Check Point Appliance Brochure [PDF]
- Why Check Point?
- Environmental Relations
- ATM Security
- Protecting Industrial IT Environments
- Time to Shore up Security on Wireless Networks
- More than Passwords: Five Rules to Ward off Wireless Pests
- Five Keys to Secure Wireless LANs
- Success Stories
- What's Next for SecurePlatform and IPSO
Related Products