Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer


Next Generation Unified Threat Management


VPN-1® UTM™ is a unified threat management software solution that scales for enterprises of all sizes, simplifying security deployments by consolidating proven security functions within a single solution. Based on the same Check Point technologies that secure the Fortune 500, VPN-1 UTM delivers uncompromising security while streamlining deployment and administration. VPN-1 UTM offers a complete set of security features including firewall, intrusion prevention, antivirus, anti-spyware, messaging security including anti-spam, Web application firewall, VoIP security, instant messaging (IM) and peer-to-peer (P2P) blocking, Web filtering, as well as secure site-to-site and remote access connectivity.


Proven application control and attack protection
VPN-1 UTM includes the most proven firewall and can examine hundreds of applications, protocols, and services out-of-the-box. Integrated SmartDefense IPS utilizes signature- and protocol-anomaly-based intrusion prevention to protect business-critical services like FTP, HTTP, and VoIP from known and unknown attacks. Similarly, VPN-1 UTM can block non-business applications like IM and P2P.

Gateway antivirus, anti-spyware
Gateway antivirus and anti-spyware are core components of VPN-1 UTM, complementing desktop endpoint security. VPN-1 UTM uses an up-to-date list of antivirus and antispyware signatures and anomaly-based protection to stop viruses and other malware at the gateway. To check for threats hidden inside legitimate content, real-time antivirus scans are performed on POP3, SMTP, FTP, and HTTP services.

Comprehensive messaging security with anti-spam
Messaging Security from Check Point provides comprehensive protection for an organization's messaging infrastructure. The multidimensional approach protects the email infrastructure, provides highly accurate spam protection, and defends organizations from a wide variety of virus and malware threats within email.

IP reputation anti-spam
Blocks spam and malware at the connection level by checking the sender's reputation against a dynamic database of known malicious IP addresses

Content-based anti-spam

Protects against advanced forms of spam, including image-based and foreign-language spam, using pattern based detection

Block/allow list anti-spam
Utilizes block or allow lists to deny obvious email offenders and allow trusted senders Protects against a wide range of viruses and malware, including scans of message content and attachments
Mail Antivirus
Protects against a wide range of viruses and malware, including scans of message content and attachments

Zero-hour outbreak protection

Defends against new spam and malware outbreaks by using advanced pattern matching and distribution analysis engine

SmartDefense email IPS
Protects against a broad range of threats, including DoS and buffer overflow attacks, that target the messaging infrastructure itself

Web Filtering
VPN-1 UTM stops inappropriate Web surfing with best-of-breed Web filtering that covers 20-million-plus URLs, so you can define an online acceptable-use policy for your organization.

Simple site-to-site connectivity
With VPN-1 UTM, you can simplify the setup of site-to-site VPNs and remote access. Manual setup of node-to-node VPN tunnels and security for an entire VPN is replaced by a One-Click process, where new sites and remote users are added automatically.

Secure, flexible remote access
VPN-1 UTM gateways can connect employees and business partners to your trusted network through flexible IPSec or SSL-based remote access, working seamlessly with a variety of VPN agents

Integrated SmartCenter management
VPN-1 UTM gateways come with integrated SmartCenter management, offering the ability to centrally manage multiple appliances and other Check Point products from a single console. It centrally stores and distributes security policy for the entire infrastructure, eliminating the need to maintain each site and gateway separately, reducing administrative burden and errors, ensuring consistency across the network. Through the intuitive SmartDashboard, administrators define and manage elements of a security policy: firewall security, network address translation, Quality of Service (QoS), VPN agent security, and VPNs.

Virtual Security
VPN-1 UTM can be deployed as VPN-1 VE, enabling you to secure your virtual environments with the same level of protection as the rest of the network. Certified by VMware, it enables you to quickly provision security within virtual systems without requiring complex network reconfiguration.

For companies desiring to consolidate multiple security gateways on a single hardware platform, VPN-1 Power VSX enables you to virtualize up to 250 VPN-1 gateways on a single, secure virtual platform.


Protections Details
Protocol/Application support
Secures more than 200 applications and protocols

VoIP Protection

Sip, H.323, MGCP, and SIP with NAT support

Instant Messaging Control
MSN, Yahoo, ICQ, and Skype (including over HTTP and SSL)
Peer-to-peer Blocking
Kazaa, GNUTella, BitTorrent, eMule, IRC (including over HTTP)
Network Address Translation
Static/hide NAT support with manual or automatic rules
Encryption Support
AES 128-256 bit, 3DES 56-168 bit

Authentication Methods

Password, RADIUS, TACACS, X.509, SecurID

Certificate Authority
Integrated X.509 certificate authority
VPN communities
Automatically sets up site-to-site connections as objects are created
Topology Support
Star and mesh
Route-based VPN
Utilizes Virtual Tunnel Interfaces, numbered/unnumbered interfaces
VPN Client
Check Point Endpoint Security, VPN-1 SecureClient, VPN-1 SecuRemote
SSL-based remote access
Fully integrated SSL VPN gateway provides on-demand SSL-based access

SSL-based endpoint scanning

Scans endpoint for compliance/malware prior to admission to the network

Intrusion Prevention
Network-layer protection
Blocks attacks such as DoS, Port Scanning, IP/ICMP/TCP related

Application-layer protection

Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands and more

Detection Methods
Signature-based and protocol anomaly
Antivirus / Anti-spyware
Antivirus protection
Protects HTTP, FTP, POP3, and SMTP protocols

Anti-spyware blocks

Pattern-based spyware blocking at the gateway

Centralized, daily updates
Web Filtering
URL database
20 million-plus URLs covering 3 billion-plus Web pages

Language support

More than 70 languages spanning 200 countries

Centralized, daily updates (100,000-plus new sites a week)
Messaging Security
Email IPS
SMTP, POP3, and IMAP attack protection

Pattern-based anti-spam

Detects spam based on dynamic database of signatures

IP reputation checking
Blocks spam and malware by sender
Signature-based antivirus
First layer of protection from viruses and malware

Zero-hour outbreak protection

Complements signature-based protection to block new outbreaks

Block/allow lists
Provides granular control over specific domains and users
Can be deployed as certified virtual appliance in VMware environments



DHCP Support
SecurePlatform™ DHCP server and Relay
Layer-2 bridge support
Transparently integrates into existing network
ISP Redundancy
Protocol-based, source/destination and port route decisions
Performance and Availability
Failover recovery
Optional ClusterXL for Active/standby bridge mode for instantaneous failover

Load balancing

Optional ClusterXL

Quality of Service
FloodGate-1 for granular QoS
ISP Redundancy
Automatically reroutes traffic to second interface
Traffic Acceleration
Optional SecureXL accelerates security decisions

Check Point Secure Platform, Microsoft Windows Server, Sun Solaris, RedHat Enterprise Linux

Free Disk Space

Windows and Linux : 300 MB
Solaris: 128 MB
SecurePlatform: 10 GB (OS Inclusive)

Windows and Linux: 256 MB (512 MB Recommended)
Solaris: 128 MB
SecurePlatform: 256 MB (512 MB Recommended)

For detailed information on supported platforms and system requirements, please refer to this page.


Check Point offers many technical support options for customers. These range from the Standard support plan that provides telephone assistance during normal business hours with next-day shipment of replacement appliances, to the Premium support plan providing 24/7 assistance with same day replacement shipment, up to the Premium+4H plan that provides a qualified engineer on-site within four hours to resolve any appliance-related issues. For additional information, please visit the Support Programs section of our website.

[an error occurred while processing this directive]
[an error occurred while processing this directive]