Check Point Express keeps your network safe from worms and other network- and application-layer attacks with reliable technology proven in the networks of the Fortune 100 companies.

Check Point Express includes integrated firewall, IPSec and SSL VPN, and intrusion prevention.

You're a mid-sized business-but you still have the same security issues as large enterprises. The Check Point Express line of solutions integrates a firewall, VPN, intrusion prevention and other features to provide mid-sized businesses the security they can rely on.

Time strapped administrators can simplify security management using SmartCenter Express to centrally manage all security functions.

Reliable, proven security against worms and attacks
Easy-to-use, centralized management of all security functions
Simple deployment of remote access and site-to-site VPNs

Check Point Express™ provides the most intelligent security for companies with up to 500 employees. The industry’s most comprehensive solution, it delivers “worry-free” security to businesses with limited security resources. With integrated firewall, SSL and IPSec Virtual Private Network (VPN), and intrusion prevention, Check Point Express delivers end-to-end security in a single solution. With Check Point Express, companies also receive SmartCenter™ Express, the industry standard for centralized security management, to reduce the cost and complexity of managing security.

Worms such as Slammer and Bagle have inflicted severe costs on businesses of all sizes by disrupting operations and causing IT staff to focus on remediation.
For organizations with limited IT resources, the cost is especially severe because other tasks are left undone. To secure against attacks, Check Point Express includes FireWall-1®, the market-leading firewall. It delivers integrated intrusion prevention powered by the most intelligent inspection technologies available—Application Intelligence™, Web Intelligence™, and patented stateful inspection.

SmartDefense™ technology, as part of Check Point Express, actively protects organizations from known and unknown network- and Application-layer attacks. Using Stateful Inspection and Application Intelligence, Check Point Express prevents worms from entering the network and minimizes the need for a company to make capital investments in standalone intrusion prevention systems (IPS). To ensure networks stay safe from new attacks, the optional SmartDefense Service maintains the most current preemptive security environment by providing ongoing and automatic updates to defenses, policies, and other security elements.
Web Intelligence, an optional component of Check Point Express, provides integrated protection for Web applications against common hacking techniques such as SQL injection, cross-site scripting, and directory traversal. Included in Web Intelligence is the patent-pending Malicious Code Protector, a revolutionary technology that detects and blocks buffer overflow attacks and other malicious executable code that target Web servers. Web Intelligence stops both known and unknown attacks, offering preemptive attack protection.

Stateful Inspection examines more than 150 predefined applications, services, and protocols out of the box, ensuring that the vast majority of applications used by businesses are free of threats when entering the network. Examples include

• Voice over IP (VoIP): With many companies rushing to adopt VoIP applications to lower telecommunications costs, Check Point Express offers comprehensive VoIP protocol support to secure critical business communications.

• Peer-to-peer and instant messaging: These are common attack vectors for worms and viruses. Check Point provides security for these applications by inspecting their
content or preventing them from entering the corporate network. File-trading applications can also be stopped at the VPN-1®Express gateway.

Organizations that want to implement strong authentication out of the box can use Check Point One-Click Certificates.
With an integrated Internal Certificate Authority included with Check Point Express, X.509 digital certificates can be issued to VPN-1 Express gateway and remote access users.
One-Click Certificates provide industry-standard, two-factor authentication without the complexity and expense of PKI systems.

The Internet environment demands Information access for remote employees, branch offices, or partners who may be located anywhere. Check Point Express delivers both IPSec and SSL VPNs to provide flexibility and simplicity

Check Point Express enables IT staff to quickly provision remote access for employees and partners through SSL VPNs. Check Point SSL Network Extender™, an add-on for Check Point Express, delivers browser-based access for Web-based and other applications to employees working outside the office.
Remote users and partners may log on from home computers or other insecure devices—devices outside the control of the IT department—to access email, applications, and
other corporate resources. To ensure that these remote computers do not represent a threat, Check Point Express checks for worms, keystroke loggers, and other malicious code before they are allowed access to the network. Check Point Express can also ensure that remote users are following correct security policies, such as having up-to-date antivirus software and a personal firewall. Check Point Express provides this security by integrating Integrity™ Clientless Security, an optional module, into VPN-1 Express gateways.
Check Point Express also supports a wide range of VPN clients for businesses desiring IPSec or other client-based solutions.

VPN-1 SecuRemote

VPN-1 SecuRemote®, included with Check Point Express, encrypts and authenticates data to protect against eavesdropping and data tampering.

VPN-1 SecureClient

VPN-1 SecureClient™ extends VPN-1 SecuRemote features with a centrally managed personal firewall and advanced
management capabilities.

Microsoft L2TP VPN Clients

For Microsoft users, Check Point Express can provide secure remote accessing using a Microsoft Windows L2TP VPN client.

By defining VPN communities with One-Click VPN, organizations can set the security parameters for an entire VPN, including site-to-site and remote access—in a single step. The security administrator simply defines all Check Point Express endpoints in a community, and VPNs are automatically enabled among all gateways or between
a gateway and a remote user. As new sites are added to the community, they automatically inherit the appropriate properties and can immediately establish secure IPSec sessions with the rest of the VPN community.

In today’s regulatory environment, data privacy is paramount.
Check Point Express applies the strongest encryption algorithms available for data in transit, protecting against privacy breaches. These include

• Advanced Encryption Standard 128-256 bit
• Triple DES 56-168 bit
• Secure Socket Layer

Check Point Express comes with SmartCenter Express, which is part of Check Point’s SMART (Security Management Architecture) portfolio of solutions. SmartCenter Express manages VPN-1 Express and VPN-1 Edge™ gateways. It centrally stores and distributes the security policy to the
entire security infrastructure. Maintaining the security policy in a centralized location eliminates the need to maintain each VPN-1 Express and Edge gateway individually, thereby reducing administrative burden and errors. Administrators use SmartDashboard™, the simple user interface for SmartCenter Express, to define and manage multiple elements of a security policy: firewall security, VPNs, network address translation, Quality of Service (QoS), and VPN client security.

Check Point Express is high-availability-ready to ensure that access to company resources is reliable. Multiple gateways may be deployed in a cluster to guarantee round-the-clock network availability. If the designated primary gateway becomes unreachable, all connections are seamlessly redirected to the remaining cluster members. Also, near-linear performance gains are achieved when additional gateways are added to the cluster.

In addition, a high-availability interface enables traffic to be routed to a secondary interface or ISP link if the primary interface becomes unavailable. Ongoing connections are maintained during failover.

Check Point FloodGate-1®, an optional module, shapes VPN traffic by assigning priority to business-critical applications and users. It delivers optimized performance, enabling customers to migrate business traffic from expensive leased lines to Internet VPNs.

Check Point Express supports a range of deployment options to deliver a solution that best fits the performance needs for networks of any size.

• “Secured by Check Point” appliances come with pre-installed Check Point Express software.

• SecurePlatform™, included on the Check Point solution CD, installs a free customized, hardened operating system and Check Point software in less than 10 minutes.

• Check Point Express runs on Intel-compatible Windows and Linux servers as well as Sun Solaris servers.

Check Point Express supports a number of different enforcement modules and add-ons.

ENFORCEMENT MODULES

Additional VPN-1 Express gateways secure and connect an additional branch office.

High-Availability-Ready VPN-1 Express gateways provide a seamless way to add greater resiliency to an existing security gateway.

Performance Accelerator Cards are plug-and-play PCI add-in cards that improve the performance of existing VPN-1 Express gateways.

VPN-1 SecureServer™ provides protection for individual application servers and secures confidential client-server communications.

ClusterXL®distributes traffic between clusters of gateways to provide performance scalability.

FloodGate-1 provides policy-based Quality of Service to optimize network performance by assigning priority to business-critical applications and end users.

ADD-ONS

SSL Network Extender provides full network-level access over the Web through enhanced SSL VPN capabilities.

SmartMap™ allows security managers to validate the integrity of their security by providing a detailed, graphical map of an organization’s security deployment.

SmartUpdate™ delivers centralized software and license management for Check Point products to ensure that a consistent security policy is enforced throughout the enterprise network.

SmartDirectory enables Check Point Express to integrate with one or more LDAP-compliant directory servers.

SmartView Monitor™ enables powerful performance analysis by presenting graphical views of end-to-end performance metrics such as bandwidth, round trip time, and packet loss.

SmartCenter Express Plus extends SmartCenter Express with SmartMap, SmartUpdate, SmartDirectory, SmartView Monitor, and SmartPortal—a Web-based tool to access and
view the security policy through a browser.

Eventia Reporter™ is an optimal reporting system that delivers in-depth network security activity and event information from Check Point log data.

UserAuthority provides integrated Web security, single sign-on, and identity management for eBusiness applications.

Web Intelligence provides Web application firewall technology for Check Point products.

SYSTEM REQUIREMENTS
VPN-1 Express gateways and SmartCenter Express Platforms
Check Point SecurePlatform, Nokia IPSO, Windows 2000 Server/2003 Server, Sun Solaris 8 (32/64 bit), Solaris 9 (64 bit), Red Hat Enterprise Linux 3.0

Disk Space 300 MB
Memory 256 MB
SmartDashboard Platforms 2000/2003/XP/ME/98, Sun Solaris
Disk Space 100 MB
Memory 256 MB

Remote Access Clients* Platforms Windows 2000 /XP/2003/Pocket PC/Handheld PC 2000, Macintosh, Linux
Disk Space 20 MB
Memory 64 MB

Check Point SecurePlatform
CPU Intel Pentium II 300+ MHz or equivalent
Disk Space 4 GB hard drive, supported NICS
Memory 256 MB minimum, 512 MB recommended

For detailed information on supported platforms and system requirements please refer to http://www.checkpoint.com/products/supported_platforms/platforms_appint.html