 Security
Connectivity
Wireless Connectivity
Management
|
| |
 |
| |
Security
Bridge Mode
UTM-1 Edge appliances can operate in transparent bridge mode, enabling administrators to add a security layer to existing networks without changing the topology or IP addressing scheme of that network—such as when an existing router is in place or where broadband services do not allow a segmented network. With this, administrators can define firewall rules by interface name and support Spanning Tree Protocol that would allow redundant loops of bridges/switches. |
|
Unified Threat Management
To reduce security sprawl caused by increased connectivity at branch offices, UTM-1 Edge now delivers integrated SmartDefense intrusion prevention and gateway antivirus in addition to the FireWall-1 firewall and VPN technologies. Unlike other branch office UTM solutions, UTM-1 Edge takes advantage of Check Point’s Unified Security Architecture to deliver consistent security across the entire network. |
|
Total Access Protection
UTM-1 Edge appliances now deliver 802.1x port-based authentication for both LAN and wireless LAN users. With this, organizations can control network access by computers all the way out to the branch office while implementing a vendor-neutral strategy. |
|
Client verification with Integrity
Before allowing clients onto the network, Integrity and UTM-1 Edge cooperatively ensure that the machine meets corporate security standards and that no malware is running.
Dynamic VLAN Assignment
Based on a user’s authentication against RADIUS servers, he or she can be assigned to the proper VLAN. For example, salespeople may be assigned to one VLAN while people working in operations functions are assigned to another.
User Quarantine
If someone fails to properly authenticate, that user an be quarantined within their physical segment—limiting exposure to unauthorized users.
|
|
Enhanced Wireless LAN Security
The UTM-1 Edge NGX release brings the industry’s most advanced wireless security to the industry’s most advanced security appliance for the branch office. It now supports WPA2 as well as WEP, WPA, WPA-PSK, and MAC address filtering. |
|
Hot Spot Authentication
Administrators can require users to authenticate to a RADIUS server via a Web page. Companies can use this for a variety of purposes, including limiting access, assigning proper access rights, billing of services, or ensuring users agree to acceptable user policies before being given access to the network. |
|
Connectivity
USB Modem Support
UTM-1 Edge appliances can now automatically detect a dead Internet link and fail over to the modem, enabling continuous communications and the flow of critical information. With this, customers now have an affordable high-availability option for times when a main Internet link is down or when broadband Internet access in not widely available, and the USB modem can be used as the primary Internet connection. |
|
Integrated ADSL Modem
Administrators an now deploy both UTM-1 Edge X and W with an optional integrated ADSL modem that supports ADSL v2/2+ as well as Annex A and B. Eliminating the need for an external ADSL modem, this provides administrators with simpler deployment options while supporting the latest standards for ADSL. |
|
Dynamic Routing
UTM-1 Edge now supports OSPF dynamic routing, enabling the appliance to participate in dynamic routing communities, enhancing network reliability, and simplifying routing configuration for administrators—especially within a large-scale deployment. |
|
Route-Based VPNs
Route-based VPNs are an alternative way to configure VPNs rather than the traditional domain-based VPN method. With route-based VPNs, encryption decisions are made based on the routing table rather than on predefined objects that are placed within an encryption domain. |
|
Wireless LAN Connectivity
Wireless Roaming
UTM-1 Edge Wireless (W) appliances allow wireless clients to seamlessly attach to other UTM-1 Edge wireless devices and standards-based access points without changing the client IP address. The access points can be interconnected by Wireless Distribution System (WDS) links or by traditional wired Ethernet connections. WDS links can also be used to create loop-free topologies, such as a star or tree of access points and can be used together with bridge mode and Spanning Tree Protocol to create redundant topologies, such as a loop or mesh of linked access points. |
|
Virtual Access Points
Many times administraors desire to provision different SSIDs for different classes of users on the branch office wireless LAN. For example, a branch office may be provisioned to provide an SSID of “guest” for visitors, using WEP encryption and only accessing the Internet, while employees are provided the SSID “Internal” that requires WPA2 encryption but provides more compete network access. UTM-1 Edge allows administrators to define 4 different SSIDs per appliance. |
|
Wireless Multimedia (WMM)
The increased use of wireless LANs for critical, lag-sensitive applications, such as Voice over WiFi, UTM-1 Edge supports the Wireless Multimedia (WMM) standard for wireless quality of service, ensuring that administrators can deliver wireless applications with minimal performance worries. |
|
Management
Universal Updateability
Administrators can now centrally update all UTM-1 Edge appliances to protect against the latest attacks and viruses using SmartDefense Services, a service that provides updated protections for new applications and defense against the latest attacks. They can also leverage SmartUpdate to remotely upgrade appliances to the latest firmware. |
|
Integration with Eventia Analyzer
Companies can now use Eventia Analyzer to correlate security events from UTM-1 Edge, analyzing them alongside events from other Check Point and 3rd party security solutions. Now centrally-located security professionals will be able to recognize serious security events that may be related even though they are distributed across many different gateways. |
|
SmartDefense Wizard
For companies that prefer local, Web-based management, UTM-1 Edge provides a wizard that assists administrators in properly configuring SmartDefense intrusion prevention settings. |
|
| |
