FireWall-1 GX delivers Check Point’s market-leading security to GPRS—(2.5G) and UMTS— (3G) enabled wireless networks. FireWall-1 GX is the first product to protect these wireless infrastructures from the threats of untrusted networks. With FireWall-1 GX, wireless network operators can offer seamless roaming to their data customers without exposing their network to potential security threats.
Protection for GPRS networks
Secure connectivity between carriers
Auditing and tracking of GPRS traffic
The most widely deployed wireless networks worldwide are those based on Global System for Mobile Communications, or GSM, technology. Today, GSM wireless operators are able to deliver high-speed Internet access for mobile subscribers using an overlay called General Packet Radio Services, or GPRS. Mobile Internet access offers an exciting array of possibilities including web browsing, e-mail communications, intranet access and location-based services. In the next major evolution of wireless networks, third generation (3G) networks, mobile Internet services will be based on Universal Mobile Telecommunications System or UMTS.
FireWall-1 GX was specifically designed for wireless operators and combines Check Point’s patented Stateful Inspection technology with full GPRS Tunneling Protocol (GTP) awareness. GTP is a key protocol used in delivering mobile data services, and FireWall-1 GX inspects all GTP tunnel fields in the context of both the packet and the tunnel. This enables granular security policies that deliver the highest level of security for these wireless infrastructures.
Deployed at the Border Gateway (Gp interface) and on the Inter PLMN backbone (Gn interface), FireWall-1 GX secures the GPRS backbone when connecting to roaming partner and roaming exchanges (GRX). FireWall-1 GX also protects distributed GPRS backbone environments where operators have connections to Gateway GPRS Support Nodes (GGSNs) outside of their own network or to GGSNs that are geographically dispersed.
The infrastructure deployed by wireless operators to deliver mobile Internet services represents a unique environment, with networking equipment, protocols, signaling services and computing platforms that differ from corporate Internet deployments. This infrastructure requires a security solution that is aware of the challenges of the environment and is compliant with the appropriate standards.
In addition to security enforcement, FireWall-1 GX provides a rich set of GTP specific log information, including granular logging details on tunnel creation, updates and deletions. Beyond logging, a wide range of security alerting options exists as well.
FireWall-1 GX complies fully with GSM standards for GTP, including GTPv0 (3GPP TS 09.60) and GTPv1 (3GPP TS 29.060), and is aware of the GTP v.1 Release 1999 PDU types.