Advanced Next Generation Firewall in One Appliance
Proven gateway security with industry-leading firewall performance
User and machine identity awareness balance security and business need
Integrated into Check Point Software Blade Architecture
The Firewall Software Blade enables network administrators to securely control access to clients, servers and applications. With detailed visibility into the users, groups, applications, machines and connection types, the Check Point Firewall Software Blade enables network administrators to provide superior protection across the entire security gateway.
User and machine awareness balances security with business needs by enabling granular policy definitions per user and group. Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple application-based policy definition per user or group directly from the firewall. Users’ identification may be acquired in one of three simple methods:
To ensure the security of your network, you need to be able to confirm the identity of all users attempting to access it. Authentication assigns access permissions to individuals and groups, based on their level of responsibility and role within the organization. Based on the industry’s most advanced identity awareness, the Firewall Software Blade provides robust authentication capabilities to confirm the identity of all users and establish their rights and privileges. The authentication component of the Firewall Software Blade offers:
Whether computers have routable or non-routable addresses, administrators may want to conceal their real addresses, to ensure that addresses cannot be seen from outside the organization or from other parts of the same organization. A network’s internal address contains the topology of the network and therefore hiding this information greatly enhances security.
A security gateway in bridge mode operates as a regular firewall, inspecting traffic and dropping or blocking unauthorized or unsafe traffic, and is invisible to all Layer-3 traffic. When authorized traffic arrives at the gateway, it is passed from one interface to another through a procedure known as bridging. Bridging creates a Layer-2 relationship between two or more interfaces, whereby any traffic that enters one interface always exits the other. This way, the firewall can inspect and forward traffic without interfering with the original IP routing.
The IPS Software Blade delivers complete and proactive intrusion prevention — all with the deployment and management advantages of a unified and extensible next-generation firewall solution. Complementing Check Point’s firewall protection, the IPS Software Blade further secures your network by inspecting packets traversing through the gateway. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats
Control access to over 5,200 applications and 240,000 social network widgets with the industry’s largest application coverage. Create granular security policies based on users or groups to identify, block or limit usage of web applications and widgets like instant messaging, social networking, video streaming, VoIP, games and more. Enables companies the ability to balance security and business needs.
Provides granular visibility of users, groups and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.
Transforms data into security intelligence with SmartLog, an advanced log analyzer that delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains.
Unified security management simplifies the monumental task of managing growing threats, devices and users by enabling views, details, and reports through a single pane of glass. Check Point’s comprehensive, centralized security management system controls all Check Point gateways and Software Blades from SmartDashboard. This intuitive graphical user interface enables IT managers to easily manage a wide set of security management functions.
Check Point Next Generation Firewall Appliances can add additional software functionality as your security needs increase. Seamlessly add software blades such as the Data Loss Prevention Software Blade.
| Appliances | Enclosure | Max 1 GbE | Max 10 GbE | FONIC | SecurityPower |
|---|---|---|---|---|---|
| 1120 NGFW | Desktop | 10 | - | No | 28 |
| 2200 NGFW | Desktop | 6 | - | No | 121 |
| 4200 NGFW | 1U | 8 | - | Yes | 121 |
| 4400 NGFW | 1U | 12 | - | Yes | 230 |
| 4600 NGFW | 1U | 12 | - | Yes | 405 |
| 4800 NGFW | 1U | 16 | 2 | Yes | 673 |
| 12200 NGFW | 1U | 16 | 4 | Yes | 811 |
| 12400 NGFW | 2U | 26 | 12 | Yes | 1185 |
| 12600 NGFW | 2U | 26 | 12 | Yes | 2050 |
| 13500 NGFW | 2U | 26 | 12 | Yes | 3200 |
| 13800 NGFW | 2U | 26 | 12 | Yes | 3800 |
| 21400 NGFW | 2U | 37 | 12 | No | 2175/2900 1 |
| 21600 NGFW | 2U | 37 | 12 | No | 2788/3300 1 |
| 21700 NGFW | 2U | 37 | 12 | No | 3300/3551 1 |
| 21800 NGFW | 2U | 37 | 12 | No | 4100/4300 1 |
| 1 With Security Acceleration Module | |||||
