IPSec VPN Software Blade

IPsec VPN provides secure connectivity to corporate networks for remote and mobile users, branch offices and business partners. IPsec integrates access control, authentication and encryption to guarantee the security of network connections over the public Internet.


Secure VPN connectivity for remote and mobile users, branch offices

  • Simple, centralized management of remote access and site-to-site VPNs
  • Enhanced security against Denial of Service (DoS) attacks
  • Security policy can be applied in varying degrees based on encryption level

Flexibility to build the VPN solution that meets your specific needs

  • Multiple remote access VPN connectivity modes to support road warriors
  • Comprehensive set of remote access VPN client choices
  • Multiple VPN creation methods, including route-based and domain-based VPNs

Integrated into the Check Point Infinity Architecture

  • Activate IPSec VPN on any Check Point Security Gateway
  • Centralized logging and reporting via a single console

With the comprehensive security solutions from Check Point, we not only have upgraded the security protection for our company’s entire network, but also enabled our branches and users to access the services and applications provided by our Information Center.

Zhang Hong Yang

Head of Infrastructure Network Department

Information Center of Yankuang Group



Simplified Site-to-Site Virtual Private Network (VPN)

Check Point IPsec VPN simplifies the creation and management of complex VPNs. SmartConsole enables administrators to define participating gateways—including third-party gateways—in large-scale VPNs. VPN gateways can be configured in minutes for both star and mesh topologies with an integrated certificate authority to manage keys.

Enhanced Security

VPN connectivity should always be matched with a high level of security. IPsec VPN enables remote users, sites and partners to connect securely. Security policies may be applied to all encrypted traffic or a subset of traffic.

In addition, Check Point IPsec VPN provides strong security for the VPN against Denial of Service (DoS) attacks such as those directed against the Internet Key Exchange (IKE) mechanism. Check Point IPsec VPN implements a unique solution for IKE DoS, requiring that unknown gateways solve a computationally-intensive problem before allowing them to connect.

Multiple Remote Access VPN Connectivity Modes

Check Point IPsec VPN provides various modes to address a variety of connectivity and routing issues faced by remote users, including:

  • Office mode:  Addresses routing issues between the client and the gateway by encapsulating IP packets with the remote user’s original IP address, thereby enabling users to appear as if they were “in the office” while connecting remotely. Office mode also provides enhanced anti-spoofing by ensuring that the IP address encountered by the gateway is authenticated and assigned to the user.
  • Visitor mode: Enables employees to access resources while they are working at a remote location such as a hotel or a customer office, where Internet connectivity may be limited to Web browsing using the standard HTTP and HTTPS ports.
  • Hub mode: Enables rigorous, centralized inspection of all client traffic.  This eliminates the need to deploy security functions to multiple offices and gives employees secure client-to-client communications such as Voice over IP (VoIP) or Internet conferencing using applications like Microsoft NetMeeting.

Integrated into the Check Point Infiniity Architecture

IPsec VPN is integrated into the Check Point Infinity Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways saving time and reducing costs by leveraging existing security infrastructure.

Multiple VPN Creation Methods

IPsec VPN supports the creation of VPNs via multiple methods, including:

  • Route-based VPNs:  Administrators set VPN rules to define which traffic should be encrypted, enabling the creation of complex large-scale site-to-site VPNs in dynamic environments. Route-based VPNs also support the extension of dynamic routing and multicast communities across VPNs.
  • Domain-based VPNs:  Administrators identify the resources behind the gateway  for which VPN traffic should be encrypted.

Flexible Remote Access Support

Every enterprise has unique requirements for Remote Access. IPsec VPN offers a comprehensive set of remote access VPN client choices that allow you to design a solution that meets your specific needs.

  • Windows
  • Mac OS X
  • Linux
  • iOS
  • Android

Learn More

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO