BenefitsSecures VMware ESXi v.5.5 and NSX products
- Check Point’s security protection includes next-generation firewall and threat prevention for VMware virtualization
- Inspect inter-VM traffic with hypervisor-level integration using VMware NetX API
- Secure virtual machines without changing network topology
- Flexible deployment: Hypervisor or Network mode
- Instantly secure all VMs on new ESX host member with automatic VE deployment
- Automatically secure newly provisioned Virtual Machines
- Secure migrated virtual machines without breaking applications’ connectivity
- Consistent security policy across both physical and virtual environments
- Visibility and auditing of virtualization configuration and security changes
- Separation of duties between virtualization and security teams
Check Point Virtual Edition (VE) protects virtual machines and inspects inter-VM traffic through the breadth of multilayer security protection without changing the network topology. Security Gateway VE is based on the Check Point Software Blade Architecture and integrates with VMware vCloud Networking and Security using NetX API to enforce hypervisor security.
Using physical security in a virtual environment to inspect inter-VM traffic impacts performance and complicates topology. With the Security Gateway VE, performance is increased by inspecting virtual machine traffic inside the host without the need of network changes. Virtual machines are constantly and automatically protected regardless of IP address changes, live migration or being new to the environment.
Security Gateway VE enables you to separate virtual applications, protecting them from each other as well as internal and external threats. Check Point update services provide real-time updates to keep protections current with the latest defenses.
Security Gateway VE consolidates proven security functions in the virtual environment. Virtual Machines are protected from internal and external threats with best-in-class integrated firewall, IPS, DLP, application control, identity awareness, VPN, antivirus, anti-spam, URL filtering, mobile access, anti-bot, threat emulation and threat prevention.
In a multi-tenancy environment, Security Gateway VE protects segregated applications and information from one another and supports multiple VE instances on the same ESX cluster. Traffic can be inspected and controlled on a port or group level without any security and connectivity downtime during vMotion migrations.
In addition to seamless hypervisor layer security, Security Gateway VE also provides the flexibility to be deployed as a Layer 2 (hypervisor mode) or Layer 3 (network mode) default gateway.
Protection for virtual machines is uninterrupted during live migration from one host to another and while new virtual machines are added. Newly added virtual machines are segregated from existing VMs and automatically protected with automatic security policy enforcement.
Full support for VMware vMotion and DRS allows high availability and load sharing.
Security Gateway VE is automatically deployed on every ESX host by VMware vCenter. Once installed, Check Point Security Management takes control with policy installation and monitoring.
Administration overhead is reduced by automatically deploying VE without the need to change the network topology configuration for the VMs, vSwitches or PortGroups.
Security Gateway VE is managed from the same security management or Multi-Domain Management (MDM) as all other physical Check Point security gateways and appliances. This ensures consistent security across all gateways without the expense of separate management consoles.
Check Point Security Management and MDM can also be deployed on virtual machines.
|Supported VMware Servers||VMware vSphere
|Supported Check Point Solutions||Security Gateway Software Blades
R76, R77 Network Mode only
|Minimum Virtual Appliance Requirements||Allocated Memory: 1 GB
Disk Space: 32 GB