Virtual Edition

The Check Point Security Gateway Virtual Edition (VE) protects dynamic virtualized environments and external networks, such as private and public clouds, from internal and external threats by securing virtual machines and applications with the full range of Check Point Software Blades.


Secures VMware ESXi v.5.5 and NSX products

  • Check Point’s security protection includes next-generation firewall and threat prevention for VMware virtualization
  • Inspect inter-VM traffic with hypervisor-level integration
  • Secure virtual machines without changing network topology
  • Flexible deployment: Hypervisor or Network mode

Automatically secures virtual applications

  • Instantly secure all VMs on new ESX host member with automatic VE deployment
  • Automatically secure newly provisioned Virtual Machines
  • Secure migrated virtual machines without breaking applications’ connectivity

Unifies management of the virtual and physical environments

  • Consistent security policy across both physical and virtual environments
  • Visibility and auditing of virtualization configuration and security changes
  • Separation of duties between virtualization and security teams

Thanks to Check Point VE, we have a virtual security solution that fully integrates into our dynamic virtualized environment with all the performance, security, and functionality we’ve expected from our physical Check Point gateways for years.

Luc Steens

Team Leader Security Managed Services




Inter-VM Traffic Inspection

Check Point Virtual Edition (VE) protects virtual machines and inspects inter-VM traffic through the breadth of multilayer security protection without changing the network topology. Security Gateway VE is based on the Check Point Software Blade Architecture and integrates with VMware vCloud Networking and Security to enforce hypervisor security.

Using physical security in a virtual environment to inspect inter-VM traffic impacts performance and complicates topology. With the Security Gateway VE, performance is increased by inspecting virtual machine traffic inside the host without the need of network changes. Virtual machines are constantly and automatically protected regardless of IP address changes, live migration or being new to the environment.

Security Gateway VE enables you to separate virtual applications, protecting them from each other as well as internal and external threats. Check Point update services provide real-time updates to keep protections current with the latest defenses.

Granular Virtualized Security Solution

Security Gateway VE consolidates proven security functions in the virtual environment. Virtual Machines are protected from internal and external threats with best-in-class integrated firewall, IPS, DLP, application control, identity awareness, VPN, antivirus, anti-spam, URL filtering, mobile access, anti-bot, threat emulation and threat prevention.

In a multi-tenancy environment, Security Gateway VE protects segregated applications and information from one another and supports multiple VE instances on the same ESX cluster. Traffic can be inspected and controlled on a port or group level without any security and connectivity downtime during vMotion migrations.

In addition to seamless hypervisor layer security, Security Gateway VE also provides the flexibility to be deployed as a Layer 2 (hypervisor mode) or Layer 3 (network mode) default gateway.

Automatic and Dynamic Security

Protection for virtual machines is uninterrupted during live migration from one host to another and while new virtual machines are added. Newly added virtual machines are segregated from existing VMs and automatically protected with automatic security policy enforcement.

Full support for VMware vMotion and DRS allows high availability and load sharing.

Automatic Deployment and Provisioning

Security Gateway VE is automatically deployed on every ESX host by VMware vCenter. Once installed, Check Point Security Management takes control with policy installation and monitoring.

Administration overhead is reduced by automatically deploying VE without the need to change the network topology configuration for the VMs, vSwitches or PortGroups.

Centralized Management for Virtual and Physical Gateways

Security Gateway VE is managed from the same security management or Multi-Domain Management (MDM) as all other physical Check Point security gateways and appliances. This ensures consistent security across all gateways without the expense of separate management consoles.

Check Point Security Management and MDM can also be deployed on virtual machines.

Learn More


Supported VMware ServersVMware vSphere
ESXi v5.1
ESXi v5.5
Supported Check Point SolutionsSecurity Gateway Software Blades
R76, R77 Network Mode only
Minimum Virtual Appliance RequirementsAllocated Memory: 1 GB
Disk Space: 32 GB