IPSec VPN Software Blade

The IPSec VPN Software Blade simplifies the creation and management of complex VPNs. SmartDashboard enables administrators to define participating gateways—including third-party gateways—in large-scale VPNs. VPN gateways can be configured in minutes for both star and mesh topologies with an integrated certificate authority to manage keys.

VPN connectivity should always be matched with a high level of security. The IPSec VPN Software Blade enables remote users, sites and partners to connect securely. Security policies may be applied to all encrypted traffic or a subset of traffic.

In addition, the IPSec VPN Software Blade provides strong security for the VPN against Denial of Service (DoS) attacks such as those directed against the Internet Key Exchange (IKE) mechanism. The IPSec VPN Software Blade implements a unique solution for IKE DoS, requiring that unknown gateways solve a computationally-intensive problem before allowing them to connect.

The IPSec VPN Software Blade provides various modes to address a variety of connectivity and routing issues faced by remote users, including:

• Office mode:  Addresses routing issues between the client and the gateway by encapsulating IP packets with the remote user’s original IP address, thereby enabling users to appear as if they were “in the office” while connecting remotely. Office mode also provides enhanced anti-spoofing by ensuring that the IP address encountered by the gateway is authenticated and assigned to the user.
• Visitor mode: Enables employees to access resources while they are working at a remote location such as a hotel or a customer office, where Internet connectivity may be limited to Web browsing using the standard HTTP and HTTPS ports.
• Hub mode: Enables rigorous, centralized inspection of all client traffic.  This eliminates the need to deploy security functions to multiple offices and gives employees secure client-to-client communications such as Voice over IP (VoIP) or Internet conferencing using applications like Microsoft NetMeeting.

The IPSec VPN Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways saving time and reducing costs by leveraging existing security infrastructure.

The IPSec VPN Software Blade supports the creation of VPNs via multiple methods, including:

• Route-based VPNs:  Administrators set VPN rules to define which traffic should be encrypted, enabling the creation of complex large-scale site-to-site VPNs in dynamic environments. Route-based VPNs also support the extension of dynamic routing and multicast communities across VPNs.
• Domain-based VPNs:  Administrators identify the resources behind the gateway  for which VPN traffic should be encrypted.

Every enterprise has unique requirements for remote access. The IPSec VPN Software Blade offers a comprehensive set of remote access VPN client choices that allow you to design a solution that meets your specific needs. These choices include:

• Check Point Endpoint Security:  a complete endpoint security solution
  • IPSec VPN client
  • desktop firewall
  • Network Access Control (NAC)
  • program control
  • antivirus and anti-spyware
  • full disk encryption
  • port protection and other data security features
  • managed by Endpoint Policy Management Blade
• Endpoint Security VPN R75
  • Windows IPSec VPN client
  • desktop firewall
  • compliance checks
  • remote connection enhancements
  • managed by Network Policy Management Blade
• SecuRemote
  • free Windows IPSec VPN Client
• SecureClient Mobile
  • SSL VPN client for Windows Mobile phones
• L2TP Support
  • for clients with Layer 2 Tunneling Protocol (L2TP) VPN support