Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

VPN-1 Power

Accelerated Security for the Most Demanding Environments

Overview

VPN-1 Power security gateways provide an active defense that enables you to secure your most demanding sites – such as core networks or data centers. A central element of Check Point’s unified security architecture, VPN-1 Power adapts as new applications are introduced and new threats appear—delivering proactive protection for new technologies such as VoIP or instant messaging and against whole classes of attacks. With advanced security acceleration technology, VPN-1 Power ensures that your business information flows efficiently without compromising security. The result is an integrated firewall, VPN, and intrusion prevention solution that keeps your business safe and your information available. As part of Check Point’s Unified Security Architecture, VPN-1 Power integrates with other Check Point solutions to simplify security management and deployment.

Benefits

  • Proven FireWall-1 security with integrated firewall, VPN, and intrusion prevention
  • Accelerated security up to 12 Gbps
  • Accelerated SmartDefense intrusion prevention up to 6.1 Gbps
  • Simple centralized management of a unified security architecture
  • Protection against new threats through SmartDefense Services

Features

Active Defense Against Threats

The Award-Winning FireWall-1
FireWall-1 is based on Check Point-patented Stateful Inspection, the de facto standard for Internet security. It understands the context of network traffic and provides out-of-the box support for more than 150 predefined applications, protocols, and services such as Citrix, Oracle, Web conferencing, and more. Because it is extensible, FireWall-1 quickly adapts as new applications, which need to be secured, appear on your network.

Advanced Intrusion Prevention
SmartDefense intrusion prevention uses Application Intelligence™ technologies to understand how applications and protocols should work. With this information, SmartDefense intrusion prevention can preemptively block entire classes of attacks based on suspicious behavior. You stay protected as new variants appear—without the need for signature updates that do not appear until after the threat has done its damage.

Virtual Security
VPN-1 Power can be deployed as VPN-1 VE, enabling you to secure your virtual environments with the same level of protection as the rest of the network. Certified by VMware, it enables you to quickly provision security within virtual systems without requiring complex network reconfiguration.

For companies desiring to consolidate multiple security gateways on a single hardware platform, VPN-1 Power VSX enables you to virtualize up to 250 VPN-1 gateways on a single, secure virtual platform.

Total Security with VPN-1 UTM Power
Because some organizations desire the content inspection capability found in unified threat management solutions, customers have the option of purchasing VPN-1 UTM Power. VPN-1 UTM Power provides the accelerated security found in VPN-1 Power but complements it with integrated antivirus, anti-spam and Web filtering. Updated through SmartDefense Services, these features enable a higher level of security for email, Web, and other content-driven traffic.

Integrated Protection for Web Servers
Web Intelligence™, an optional Web security firewall for VPN-1 Power gateways, provides advanced Web application security. Web Intelligence protects Web applications from common hacking techniques such as command injection, cross-site scripting, directory traversal, LDAP injection, and SQL injection.


VPN Connectivity with Total Security

Simplified Site-to-Site VPN
VPN-1 Power provides a unified method to create and manage complex VPNs. The SmartDashboard enables administrators to define participating gateways – including third-party gateways – in large-scale VPNs. VPN gateways can be configured for both star and mesh topologies in minutes with an integrated certificate authority to manage keys.

Flexible Remote Access Support
Every enterprise has unique requirements for remote access. VPN-1 Power provides flexibility to design a solution to meet your needs.

  • Check Point Endpoint Security— Check Point Endpoint Security™ is the first single agent for total endpoint security that combines the highest-rated firewall, network access control (NAC), program control, antivirus, anti-spyware, data security, and remote access.

  • VPN-1 SecuRemote®—VPN-1 SecuRemote offers basic IPSec connectivity for remote users

  • SecureClient Mobile—SecureClient Mobile delivers firewall protection and secure, uninterrupted remote access for wireless devices such as mobile phones

  • SSL Network Extender—SSL Network Extender™ is an on-demand client that provides full network-layer secure access through a browser plug-in, enabling remote users to access email or other network applications in their native interfaces

  • Check Point Endpoint Security on Demand— Check Point Endpoint Security on Demand mitigates risks from unmanaged PCs connecting to Web-facing resources, enforcing prelogin security policy, blocking spyware, enabling on-demand, end-to-end session confidentiality, without preinstalled clients

Total Control, Total Visibiliy
Key to your security objectives’ success is having strong management, auditing, and analysis tools for your overall security environment. As part of a Check Point unified security architecture, VPN-1 Power provides unified control over security policy and unified visibility into security information across a distributed security infrastructure. Using SmartCenter™, you can define one policy that is enforced across all VPN-1 Power, VPN-1 UTM, and VPN-1 UTM Edge™ security gateways – as well as Check Point appliances such as Power-1 and UTM-1 . By working on a single policy, you reduce the risk of configuration error and the time required to manage your security.

High performance and availability
VPN-1 Power delivers accelerated security of more than 12 Gbps on an open server, guaranteeing the availability of information without compromising security. Using Check Point-patented SecureXL™ security acceleration, VPN-1 Power security gateways enable you to get maximum performance from open servers and appliances even during DoS attacks. The patent-pending CoreXL technology accelerates processor-intensive activities such as intrusion prevention, enabling you to get higher performance while maintaining a high level of security.

VPN-1 Power uses advanced streaming technologies that allow packet processing to be performed at the kernel level, significantly improving network- and application-layer inspection, typically a computing-intensive task. Combining the SecureXL framework and streaming technology with Check Point’s commitment to open systems delivers industry-leading performance at the lowest possible cost.

Integrated VPN Quality of Service (QoS)
QoS is a requirement for any VPN where performance is important and congestion on the Internet link may occur. FloodGate-1® ensures optimum performance for mission-critical VPN-1 traffic, enabling customers to migrate critical business traffic from private WANs to the Internet.

High availability and load sharing
ClusterXL® distributes traffic of all types across a cluster of VPN-1 Power gateways. If a gateway becomes unreachable, all connections are seamlessly redirected to the remaining cluster members. By adding an optional ClusterXL module, near-linear performance gains can be achieved by adding cluster members.

Specifications

Protections Details
Firewall
Protocol/Application support
Secures more than 200 applications and protocols

VoIP Protection

Sip, H.323, MGCP, and SIP with NAT support

Instant Messaging Control
MSN, Yahoo, ICQ, and Skype (including over HTTP and SSL)
Peer-to-peer Blocking
Kazaa, GNUTella, BitTorrent, eMule, IRC (including over HTTP)
Network Address Translation
Static/hide NAT support with manual or automatic rules
IPSec VPN
Encryption Support
AES 128-256 bit, 3DES 56-168 bit

Authentication Methods

Password, RADIUS, TACACS, X.509, SecurID

Certificate Authority
Integrated X.509 certificate authority
VPN communities
Automatically sets up site-to-site connections as objects are created
Topology Support
Star and mesh
Route-based VPN
Utilizes Virtual Tunnel Interfaces, numbered/unnumbered interfaces
VPN Client
Check Point Endpoint Security, VPN-1 SecureClient, VPN-1 SecuRemote
SSL VPN
SSL-based remote access
Fully integrated SSL VPN gateway provides on-demand SSL-based access

SSL-based endpoint scanning

Scans endpoint for compliance/malware prior to admission to the network

Intrusion Prevention
Network-layer protection
Blocks attacks such as DoS, Port Scanning, IP/ICMP/TCP related

Application-layer protection

Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands and more

Detection Methods
Signature-based and protocol anomaly
Networking
Virtualization
Can be deployed as certified virtual appliance in VMware environments

Up to 256

256

Dynamic Routing Support
OSPF, BGP, RIP v1/2,Multicast
DHCP Support
SecurePlatform™ DHCP server and Relay
Layer-2 bridge support
Transparently integrates into existing network
ISP Redundancy
Protocol-based, source/destination and port route decisions
Performance and Availability
Failover recovery
Active/standby bridge mode for instantaneous failover

Load balancing

Optional ClusterXL active/active clustering

Quality of Service
FloodGate-1 for granular QoS
ISP Redundancy
Automatically reroutes traffic to second interface
Traffic Acceleration
SecureXL accelerates security decisions CoreXL accelerates processor-intensive activities such as intrusion prevention


HARDWARE SPECIFICATIONS
Platforms
Check Point Secure Platform, Microsoft Windows Server, Sun Solaris, RedHat Enterprise Linux

Free Disk Space

Windows and Linux : 300 MB
Solaris: 128 MB
SecurePlatform: 10 GB (OS Inclusive)

Memory
Windows and Linux: 256 MB (512 MB Recommended)
Solaris: 128 MB
SecurePlatform: 256 MB (512 MB Recommended)

For detailed information on supported platforms and system requirements, please refer to this page.

Support

Check Point offers many technical support options for customers. These range from the Standard support plan that provides telephone assistance during normal business hours with next-day shipment of replacement appliances, to the Premium support plan providing 24/7 assistance with same day replacement shipment, up to the Premium+4H plan that provides a qualified engineer on-site within four hours to resolve any appliance-related issues. For additional information, please visit the Support Programs section of our website.

Direct Enterprise Support

Support Service Software Subscription Standard Premium Diamond (On Top Of Premium)
Basic SLA N/A 5x9 Business Day 7 x 24 Every Day 7 x 24 Every Day
Latest Hot Fixes & Service Packs Yes Yes Yes Yes
Major Upgrades & Enhancements Yes Yes Yes Yes
Support Focal Point N/A Desks Support Engineer Premium Support Engineer Designated Diamond Engineer
Unlimited Service Requests N/A Yes Yes Yes
Committed Response time to Severity-1 issues N/A 30 Minutes 30 Minutes 30 Minutes
Committed Response time to Severity 2,3 & 4 issues N/A 4 Hours Sev 2 – 2 Hours
Sev 3 & 4 – 4 Hours
Sev 2 – 2 Hours
Sev 3 & 4 – 4 Hours
Access to Check Point Products Forums Read Full Access Full Access Full Access
Access to Online Support Knowledgebase N/A Advanced Expert Expert
Appliance Support*
Default Appliance support (if the appliance is covered within the account rate) 1st Year Warranty Standard Premium Premium
Return Material Authorization (RMA) determination TAC TAC TAC Customer
RMA Shipment Method Within 7 Business Days from faulty unit return Same business day shipment1 Next Flight Out / Express Delivery (when applicable) or Same Business Day Shipment3 Next Flight Out / Express Delivery (when applicable) or Same Business Day Shipment3
Onsite RMA Shipment Method
(must be purchased in addition to the regular program SLA)
N/A 5 x 8 x NBD
Delivery and basic installation of replacement hardware by a certified engineer2
7 x 24 x 4H
Delivery and basic installation of replacement hardware by a certified engineer
7 x 24 x 4H
Delivery and basic installation of replacement hardware by a certified engineer
  1. For Return Material Authorization determination completed by 15:00 regional hub time; otherwise shipment will occur next business day with delivery target extended by one day
  2. Available in over 250 locations world wide.
  3. Next Flight Out / Express Delivery is available in the European Union and mainland US.  Appliances are shipped during normal business hours and may arrive during off hours or next business day until 9AM.

* Learn more about Check Point Security Appliances Support Programs

Collaborative Enterprise Support

Support Service Co - Standard Co - Premium Co - MSP
TAC access by the certified support partner / MSP 7 x 24 Every Day 7 x 24 Every Day 7 x 24 Every Day
Latest Hot Fixes & Service Packs Yes Yes Yes
Major Upgrades & Enhancements Yes Yes Yes
Support Focal Point (to partner/ MSP) Desks Support Engineer Premium Support Engineer Premium Support Engineer
Unlimited Service Requests Yes Yes Yes
Committed Response time to Severity-1 issues Indirect 30 Minutes Direct 30 Minutes Direct 30 Minutes
Committed Response time to Severity 2,3 & 4 issues 4 Hours Sev 2 - 2 Hours
Sev 3 & 4 - 4 Hours
Sev 2 - 2 Hours
Sev 3 & 4 - 4 Hours
Direct Access to Check Point TAC for Severity-1 issues No Yes 7 x 24 Yes 7 x 24
Access to Check Point Products Forums Full Access Full Access Full Access
Access to Online Support Knowledgebase Advanced Expert Expert
Appliance Support*
Default Appliance support (if the appliance is covered within the account rate) Co - Standard Co - Premium Co - Premium
Return Material Authorization (RMA) determination TAC TAC TAC
RMA Shipment Method Same business day shipment1 Next Flight Out / Express Delivery (when applicable) or Same Business Day Shipment3 Next Flight Out / Express Delivery (when applicable) or Same Business Day Shipment3
Onsite RMA Shipment Method
(must be purchased in addition to the regular program SLA)
5 x 8 x NBD
Delivery and basic installation of replacement hardware by a certified engineer2
7 x 24 x 4H
Delivery and basic installation of replacement hardware by a certified engineer
7 x 24 x 4H
Delivery and basic installation of replacement hardware by a certified engineer

1 For Return Material Authorization determination completed by 15:00 regional hub time; otherwise shipment will occur next business day with delivery target extended by one day.

2 Available in over 250 locations world wide.

3 Next Flight Out / Express Delivery is available in the European Union and mainland US. Appliances are shipped during normal business hours and may arrive during off hours or next business day until 9AM.

* UTM-1 Edge RMA is shipped Next Business Day for all SLAs.

* Learn more about Check Point Security Appliances Support Programs