Secure VPN connectivity for remote and mobile users, branch offices
Flexibility to build the VPN solution that meets your specific needs
Integrated into Check Point Software Blade Architecture
With the comprehensive security solutions from Check Point, we not only have upgraded the security protection for our company’s entire network, but also enabled our branches and users to access the services and applications provided by our Information Center.
Zhang Hong Yang
Head of Infrastructure Network Department
Information Center of Yankuang Group
The IPSec VPN Software Blade simplifies the creation and management of complex VPNs. SmartDashboard enables administrators to define participating gateways—including third-party gateways—in large-scale VPNs. VPN gateways can be configured in minutes for both star and mesh topologies with an integrated certificate authority to manage keys.
The IPSec VPN Software Blade supports the creation of VPNs via multiple methods, including:
VPN connectivity should always be matched with a high level of security. The IPSec VPN Software Blade enables remote users, sites and partners to connect securely. Security policies may be applied to all encrypted traffic or a subset of traffic.
In addition, the IPSec VPN Software Blade provides strong security for the VPN against Denial of Service (DoS) attacks such as those directed against the Internet Key Exchange (IKE) mechanism. The IPSec VPN Software Blade implements a unique solution for IKE DoS: unknown gateways must solve a computationally intensive problem before they are allowed to connect.
Every enterprise has unique requirements for remote access. The IPSec VPN Software Blade offers a comprehensive set of remote access VPN client choices that allow you to design a solution that meets your specific needs. These choices include:
The IPSec VPN Software Blade provides various modes to address a variety of connectivity and routing issues faced by remote users, including:
The IPSec VPN Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways, saving time and reducing costs by leveraging existing security infrastructure.
| Authentication Methods | Password, RADIUS, TACACS, X.509, SecurID, LDAP |
| Certification Authority | Integrated X.509 certificate authority |
| VPN Communities | Automatically sets up site-to-site connections as objects are created |
| Topology Support | Star and mesh |
| Route-based VPN | Utilizes virtual tunnel interfaces, numbered/un-numbered interfaces |
| VPN Resiliency | Multiple Entry Point (MEP), wire mode |
| VPN Route Injection | Route Injection Mechanism (RIM) |
| Site-to-site VPN Modes | Domain-based, Route-based |
| Directional VPN | Enforcement between or within community |
| IKE (Phase 1) Key Exchange | AES-128, AES-256, 3DES, DES, CAST |
| IKE (Phase 1) Data Integrity | MD5, SHA1, SHA2-256, SHA2-384, AES-XCBC |
| IKE (Phase 2) Data Encryption | 3DES, AES-128, AES-256, DES, CAST, DES-40CP, CAST-40, NULL |
| IKE (Phase 2) Data Integrity | MD5, SHA1, SHA2-256, SHA2-384, AES-XCBC |
| IKE (Phase 1) & IPSec (Phase 2) Diffie-Hellman Groups | Group 1 (768-bit), Group 2 (1024-bit), Group 5 (1536-bit), Group 14 (2048-bit), Group 19 (256-bit), Group 20 (384-bit) |
| IKE (Phase 1) Options | Main, Hybrid, Aggressive mode |
| IPSec (Phase 2) Options | Perfect forward secrecy, IP compression |
| Mobile Device Support | L2TP support for iPhone, SecureClient Mobile for Windows Mobile |
| Multiple IPSec VPN Clients | Check Point Endpoint Security, Endpoint Security VPN R75, SecuRemote |