VPN-1 UTM
Next Generation Unified Threat Management
Overview
VPN-1® UTM™ is a unified threat management software solution that scales for enterprises of all sizes, simplifying security deployments by consolidating proven security functions within a single solution. Based on the same Check Point technologies that secure the Fortune 500, VPN-1 UTM delivers uncompromising security while streamlining deployment and administration. VPN-1 UTM offers a complete set of security features including firewall, intrusion prevention, antivirus, anti-spyware, messaging security including anti-spam, Web application firewall, VoIP security, instant messaging (IM) and peer-to-peer (P2P) blocking, Web filtering, as well as secure site-to-site and remote access connectivity.
Features
- Proven application control and attack protection
- Gateway antivirus, anti-spyware
- Comprehensive messaging security with anti-spam
- Web Filtering
- Virtual Security
Proven application control and attack protection
VPN-1 UTM includes the most proven firewall and can examine hundreds of applications, protocols, and services out-of-the-box. Integrated SmartDefense IPS utilizes signature- and protocol-anomaly-based intrusion prevention to protect business-critical services like FTP, HTTP, and VoIP from known and unknown attacks. Similarly, VPN-1 UTM can block non-business applications like IM and P2P.
Gateway antivirus, anti-spyware
Gateway antivirus and anti-spyware are core components of VPN-1 UTM, complementing desktop endpoint security. VPN-1 UTM uses an up-to-date list of antivirus and antispyware signatures and anomaly-based protection to stop viruses and other malware at the gateway. To check for threats hidden inside legitimate content, real-time antivirus scans are performed on POP3, SMTP, FTP, and HTTP services.
Comprehensive messaging security with anti-spam
Messaging Security from Check Point provides comprehensive protection for an organization's messaging infrastructure. The multidimensional approach protects the email infrastructure, provides highly accurate spam protection, and defends organizations from a wide variety of virus and malware threats within email.
| IP reputation anti-spam | Blocks spam and malware at the connection level by checking the sender's reputation against a dynamic database of known malicious IP addresses |
Content-based anti-spam |
Protects against advanced forms of spam, including image-based and foreign-language spam, using pattern based detection |
| Block/allow list anti-spam | Utilizes block or allow lists to deny obvious email offenders and allow trusted senders Protects against a wide range of viruses and malware, including scans of message content and attachments |
| Mail Antivirus | Protects against a wide range of viruses and malware, including scans of message content and attachments |
Zero-hour outbreak protection |
Defends against new spam and malware outbreaks by using advanced pattern matching and distribution analysis engine |
| SmartDefense email IPS | Protects against a broad range of threats, including DoS and buffer overflow attacks, that target the messaging infrastructure itself |
Web Filtering
VPN-1 UTM stops inappropriate Web surfing with best-of-breed Web filtering that covers 20-million-plus URLs, so you can define an online acceptable-use policy for your organization.
Simple site-to-site connectivity
With VPN-1 UTM, you can simplify the setup of site-to-site VPNs and remote access. Manual setup of node-to-node VPN tunnels and security for an entire VPN is replaced by a One-Click process, where new sites and remote users are added automatically.Secure, flexible remote access
VPN-1 UTM gateways can connect employees and business partners to your trusted network through flexible IPSec or SSL-based remote access, working seamlessly with a variety of VPN agentsIntegrated SmartCenter management
VPN-1 UTM gateways come with integrated SmartCenter management, offering the ability to centrally manage multiple appliances and other Check Point products from a single console. It centrally stores and distributes security policy for the entire infrastructure, eliminating the need to maintain each site and gateway separately, reducing administrative burden and errors, ensuring consistency across the network. Through the intuitive SmartDashboard, administrators define and manage elements of a security policy: firewall security, network address translation, Quality of Service (QoS), VPN agent security, and VPNs.
Virtual Security
VPN-1 UTM can be deployed as VPN-1 VE, enabling you to secure your virtual environments with the same level of protection as the rest of the network. Certified by VMware, it enables you to quickly provision security within virtual systems without requiring complex network reconfiguration.
For companies desiring to consolidate multiple security gateways on a single hardware platform, VPN-1 Power VSX enables you to virtualize up to 250 VPN-1 gateways on a single, secure virtual platform.
Protections Details
Firewall
|
|
|---|---|
| Protocol/Application support | Secures more than 200 applications and protocols |
VoIP Protection |
Sip, H.323, MGCP, and SIP with NAT support |
| Instant Messaging Control | MSN, Yahoo, ICQ, and Skype (including over HTTP and SSL) |
| Peer-to-peer Blocking | Kazaa, GNUTella, BitTorrent, eMule, IRC (including over HTTP) |
| Network Address Translation | Static/hide NAT support with manual or automatic rules |
IPSec VPN
|
|
| Encryption Support | AES 128-256 bit, 3DES 56-168 bit |
Authentication Methods |
Password, RADIUS, TACACS, X.509, SecurID |
| Certificate Authority | Integrated X.509 certificate authority |
| VPN communities | Automatically sets up site-to-site connections as objects are created |
| Topology Support | Star and mesh |
| Route-based VPN | Utilizes Virtual Tunnel Interfaces, numbered/unnumbered interfaces |
| VPN Client | Check Point Endpoint Security, VPN-1 SecureClient, VPN-1 SecuRemote |
SSL VPN
|
|
| SSL-based remote access | Fully integrated SSL VPN gateway provides on-demand SSL-based access |
SSL-based endpoint scanning |
Scans endpoint for compliance/malware prior to admission to the network |
Intrusion Prevention
|
|
| Network-layer protection | Blocks attacks such as DoS, Port Scanning, IP/ICMP/TCP related |
Application-layer protection |
Blocks attacks such as DNS cache poisoning, FTP bounce, improper commands and more |
| Detection Methods | Signature-based and protocol anomaly |
Antivirus / Anti-spyware
|
|
| Antivirus protection | Protects HTTP, FTP, POP3, and SMTP protocols |
Anti-spyware blocks |
Pattern-based spyware blocking at the gateway |
| Updates | Centralized, daily updates |
Web Filtering
|
|
| URL database | 20 million-plus URLs covering 3 billion-plus Web pages |
Language support |
More than 70 languages spanning 200 countries |
| Updates | Centralized, daily updates (100,000-plus new sites a week) |
Messaging Security
|
|
| Email IPS | SMTP, POP3, and IMAP attack protection |
Pattern-based anti-spam |
Detects spam based on dynamic database of signatures |
| IP reputation checking | Blocks spam and malware by sender |
| Signature-based antivirus | First layer of protection from viruses and malware |
Zero-hour outbreak protection |
Complements signature-based protection to block new outbreaks |
| Block/allow lists | Provides granular control over specific domains and users |
Networking
|
|
| Virtualization | Can be deployed as certified virtual appliance in VMware environments |
VLANs |
256 |
| DHCP Support | SecurePlatform™ DHCP server and Relay |
| Layer-2 bridge support | Transparently integrates into existing network |
| ISP Redundancy | Protocol-based, source/destination and port route decisions |
Performance and Availability
|
|
| Failover recovery | Optional ClusterXL for Active/standby bridge mode for instantaneous failover |
Load balancing |
Optional ClusterXL |
| Quality of Service | FloodGate-1 for granular QoS |
| ISP Redundancy | Automatically reroutes traffic to second interface |
| Traffic Acceleration | Optional SecureXL accelerates security decisions |
HARDWARE SPECIFICATIONS
|
|
|---|---|
| Platforms | Check Point Secure Platform, Microsoft Windows Server, Sun Solaris, RedHat Enterprise Linux |
Free Disk Space |
Windows and Linux : 300 MB |
| Memory | Windows and Linux: 256 MB (512 MB Recommended) Solaris: 128 MB SecurePlatform: 256 MB (512 MB Recommended) |
For detailed information on supported platforms and system requirements, please refer to this page.
Support
Check Point offers many technical support options for customers. These range from the Standard support plan that provides telephone assistance during normal business hours with next-day shipment of replacement appliances, to the Premium support plan providing 24/7 assistance with same day replacement shipment, up to the Premium+4H plan that provides a qualified engineer on-site within four hours to resolve any appliance-related issues. For additional information, please visit the Support Programs section of our website.
Direct Enterprise Support
| Support Service | Software Subscription | Standard | Premium | Diamond (On Top Of Premium) |
|---|---|---|---|---|
| Basic SLA | N/A | 5x9 Business Day | 7 x 24 Every Day | 7 x 24 Every Day |
| Latest Hot Fixes & Service Packs | Yes | Yes | Yes | Yes |
| Major Upgrades & Enhancements | Yes | Yes | Yes | Yes |
| Support Focal Point | N/A | Desks Support Engineer | Premium Support Engineer | Designated Diamond Engineer |
| Unlimited Service Requests | N/A | Yes | Yes | Yes |
| Committed Response time to Severity-1 issues | N/A | 30 Minutes | 30 Minutes | 30 Minutes |
| Committed Response time to Severity 2,3 & 4 issues | N/A | 4 Hours | Sev 2 – 2 Hours Sev 3 & 4 – 4 Hours |
Sev 2 – 2 Hours Sev 3 & 4 – 4 Hours |
| Access to Check Point Products Forums | Read | Full Access | Full Access | Full Access |
| Access to Online Support Knowledgebase | N/A | Advanced | Expert | Expert |
| Appliance Support* | ||||
| Default Appliance support (if the appliance is covered within the account rate) | 1st Year Warranty | Standard | Premium | Premium |
| Return Material Authorization (RMA) determination | TAC | TAC | TAC | Customer |
| RMA Shipment Method | Within 7 Business Days from faulty unit return | Same business day shipment1 | Next Flight Out / Express Delivery (when applicable) or Same Business Day Shipment3 | Next Flight Out / Express Delivery (when applicable) or Same Business Day Shipment3 |
| Onsite RMA Shipment Method (must be purchased in addition to the regular program SLA) |
N/A | 5 x 8 x NBD Delivery and basic installation of replacement hardware by a certified engineer2 |
7 x 24 x 4H Delivery and basic installation of replacement hardware by a certified engineer |
7 x 24 x 4H Delivery and basic installation of replacement hardware by a certified engineer |
- For Return Material Authorization determination completed by 15:00 regional hub time; otherwise shipment will occur next business day with delivery target extended by one day
- Available in over 250 locations world wide.
- Next Flight Out / Express Delivery is available in the European Union and mainland US. Appliances are shipped during normal business hours and may arrive during off hours or next business day until 9AM.
* Learn more about Check Point Security Appliances Support Programs
Collaborative Enterprise Support
| Support Service | Co - Standard | Co - Premium | Co - MSP |
|---|---|---|---|
| TAC access by the certified support partner / MSP | 7 x 24 Every Day | 7 x 24 Every Day | 7 x 24 Every Day |
| Latest Hot Fixes & Service Packs | Yes | Yes | Yes |
| Major Upgrades & Enhancements | Yes | Yes | Yes |
| Support Focal Point (to partner/ MSP) | Desks Support Engineer | Premium Support Engineer | Premium Support Engineer |
| Unlimited Service Requests | Yes | Yes | Yes |
| Committed Response time to Severity-1 issues | Indirect 30 Minutes | Direct 30 Minutes | Direct 30 Minutes |
| Committed Response time to Severity 2,3 & 4 issues | 4 Hours | Sev 2 - 2 Hours Sev 3 & 4 - 4 Hours |
Sev 2 - 2 Hours Sev 3 & 4 - 4 Hours |
| Direct Access to Check Point TAC for Severity-1 issues | No | Yes 7 x 24 | Yes 7 x 24 |
| Access to Check Point Products Forums | Full Access | Full Access | Full Access |
| Access to Online Support Knowledgebase | Advanced | Expert | Expert |
| Appliance Support* | |||
| Default Appliance support (if the appliance is covered within the account rate) | Co - Standard | Co - Premium | Co - Premium |
| Return Material Authorization (RMA) determination | TAC | TAC | TAC |
| RMA Shipment Method | Same business day shipment1 | Next Flight Out / Express Delivery (when applicable) or Same Business Day Shipment3 | Next Flight Out / Express Delivery (when applicable) or Same Business Day Shipment3 |
| Onsite RMA Shipment Method (must be purchased in addition to the regular program SLA) |
5 x 8 x NBD Delivery and basic installation of replacement hardware by a certified engineer2 |
7 x 24 x 4H Delivery and basic installation of replacement hardware by a certified engineer |
7 x 24 x 4H Delivery and basic installation of replacement hardware by a certified engineer |
1 For Return Material Authorization determination completed by 15:00 regional hub time; otherwise shipment will occur next business day with delivery target extended by one day.
2 Available in over 250 locations world wide.
3 Next Flight Out / Express Delivery is available in the European Union and mainland US. Appliances are shipped during normal business hours and may arrive during off hours or next business day until 9AM.
* UTM-1 Edge RMA is shipped Next Business Day for all SLAs.
* Learn more about Check Point Security Appliances Support Programs
- Products A-Z
- Appliances
- Appliances Overview
- 2200 Appliances
- 4000 Appliances
- 12000 Appliances
- 21400 Appliance
- 61000 Security System
- SecurityPower
- Power-1
- UTM-1
- Series 80
- UTM-1 Edge
- IP Appliances
- VSX-1
- DLP-1
- IPS-1
- Safe@Office
- Smart-1
- Smart-1 SmartEvent
- Integrated Appliance Solution
- IAS Bladed Hardware
- Software Blades
- Software Blades Overview
- Security Gateway
- Firewall
- IPSec VPN
- IPS
- Mobile Access
- Application Control
- Identity Awareness
- DLP
- Web Security
- URL Filtering
- Anti-Bot
- Antivirus & Anti-Malware
- Anti-Spam & Email Security
- Advanced Networking & Clustering
- Voice over IP (VoIP)
- Security Management
- Network Policy Management
- Endpoint Policy Management
- Logging & Status
- SmartWorkflow
- Monitoring
- Management Portal
- User Directory
- SmartProvisioning
- SmartReporter
- SmartEvent
- Multi-Domain Security Management
- Virtualization Security
- Security Gateway Virtual Edition
- Cloud Security
- Virtual Appliance for Amazon Web Services
- Security Systems
- Security Systems Overview
- Endpoint Security
- Endpoint Security
- Full Disk Encryption
- Media Encryption
- Anti-Malware & Program Control
- Remote Access VPN
- Firewall & Compliance
- Check Point WebCheck
- Check Point GO
- Solutions
- Remote Access
- Consumer Products
- ZoneAlarm Antivirus
- ZoneAlarm ForceField
- ZoneAlarm Internet Security Suite
-
Next Steps
- Find a Partner
- Call US sales: 1-866-488-6691
- Contact Us Online
- Try VPN-1 UTM
Resources
- NEW! Messaging Security
- NGX Info Center
- Protocol Support
- Supported Platforms
- Security Virtualization
- Check Point Secure connect App for iPhone
Related Products