The
Industry's Most Proven and Secure
VPN solution
The Internet
provides a flexible and cost-effective
infrastructure for extending the corporate
network to all employees and key partners.
Yet the Internet also conceals constantly
changing threats. To take full advantage
of the Internet, you must prevent
these attacks from disrupting business
communications and from compromising
internal resources.
Check Point VPN-1 Pro provides you
the most intelligent, reliable security
for stopping attacks while simplifying
business communications across the
Internet. A tightly integrated combination
of firewall, VPN and intrusion prevention,
VPN-1 Pro is built on Stateful Inspection,
Application Intelligence, and One-Click
VPN technologies. SmartCenter, Check
Point's centralized management solution,
provides unified security management
of your security infrastructure.
Simplified IPSec/SSL VPN deployment
Most intelligent application/network
layer protection
Lowered remote access/site to site
costs
Increased security reliability and
availability
Simplified centralised management
Check Point
VPN-1®Pro™ is a tightly
integrated firewall and VPN gateway
that provides comprehensive security
and remote connectivity for corporate
applications and network resources.
VPN-1 Pro combines the market-leading
FireWall-1®security suite with
sophisticated VPN technologies to
meet the demanding requirements of
Internet, intranet, and extranet VPNs
by providing secure connectivity to
corporate networks, remote and mobile
users, branch offices, and business
partners. It features the industry’s
most intelligent security inspection
technologies, Stateful Inspection
and Application Intelligence™,
providing preemptive attack prevention
against both network- and application-layer
attacks. VPN-1 Pro solutions are available
on the industry’s broadest range
of open platforms and security appliances—meeting
the price/performance requirements
of any size organization.
| COMPREHENSIVE
NETWORK AND APPLICATION SECURITY |
Check Point
VPN-1 Pro integrates access control,
authentication, and encryption to
guarantee the security of network
connections, the authenticity of local
and remote users, and the privacy
and integrity of data communications.
In addition, it is tightly integrated
with intrusion prevention capabilities,
offering advanced application protection.
VPN-1 Pro also includes an optional
Web application firewall, providing
unsurpassed protection for the Web
environment.
VPN-1 Pro
For effective enterprise perimeter,
internal, and Web security and efficient
administration, VPNs must include
integrated firewall capabilities.
VPN-1 Pro includes market-leading
FireWall-1 software to secure all
popular Internet services with Check
Point patented Stateful Inspection
technologies.
VPN-1 Pro supports more than 150 predefined
applications, services, and protocols
out of the box, including Web
applications, instant messaging, peer-to-peer
applications, Oracle SQL, RealAudio,
and multimedia services.
Application Intelligence is a set
of advanced capabilities, integrated
into VPN-1, that detect and prevent
pplication-
layer attacks. Application Intelligence
redefines the network security landscape
by evolving VPN-1 into an advanced
security gateway solution that integrates
both network and application-layer
capabilities to deliver comprehensive
attack protection. Enterprises benefit
from superior intrusion prevention
capabilities without the complexity
of managing additional devices.
Web Intelligence™
is an optional advanced Web application
firewall that is tightly integrated
into VPN-1, providing advanced Web
application security. Web Intelligence
protects Web applications from common
hacking techniques such as SQL injection,
cross-site scripting, command injection,
LDAP injection, and directory traversal.
Web Intelligence also includes Malicious
Code Protector, a patented technology
that prevents buffer overflow attacks.
Malicious Code Protector uses a unique
detection mechanism that analyses
the behaviour of malicious code, catching
attacks without the aid of signatures
and stopping both known and unknown
attacks.
VPN-1 Pro
offers comprehensive security for
VoIP applications, including Stateful
Inspection of SIP, H.323, MGCP, and
SCCP (Skinny). In addition, VPN-1
is capable of addressing complex VoIP
deployments, such as hiding gatekeepers
behind a Network Address Translation
(NAT) device. In addition, SecureXL™,
ClusterXL, and FloodGate-1can help
enterprises build a high-performance,
fault-tolerant, and prioritised voice
network.
| CONNECTIVITY
WITH SECURITY |
VPN-1 Pro
contains the most comprehensive set
of products and technologies for remote-access,
intranet, and extranet VPNs. Check
Point offers a broad range of VPN
products from which organizations
can choose to design the configuration
that best meets their requirements.
With One-Click
VPNs, large-scale VPNs can be created
with a single operation. By defining
VPN communities, organizations can
set the security parameters for an
entire VPN, such as an intranet, extranet,
or remote access deployment in one
step.
The security administrator simply
defines all VPN-1 endpoints in a community,
and VPNs are automatically enabled
among all gateways or between a gateway
and a remote user. As new sites are
added to the community, they automatically
inherit the appropriate properties
and can immediately establish secure
IPSec sessions with the rest of the
VPN community.
| ADVANCED
SITE-TO-SITE VPN CAPABILITIES |
VPN-1 Pro
is designed to extend company resources
to remote locations, no matter how
complex the environment is. VPN-1
supports VPN domains, the traditional
method of defining VPN boundaries
with a static group of IP addresses.
In addition, VPN-1 supports route-based
VPNs, in which the VPN topology is
delegated to network routing decisions.
Such flexibility gives enterprises
a powerful mechanism for providing
connectivity in complex and dynamic
networks.
Route-based VPNs allow administrators
to extend dynamic routing protocols
from headquarters to remote locations
over the VPN tunnel, improving network
and VPN managementefficiency for a
large network. Route-based VPNs also
enable directional VPNs, allowing
administrators to enforce security
policy over VPN tunnels without static
IP addresses. For constantly changing
networks, route-based VPNs are an
ideal solution. Organizations can
make frequent changes to the network
topology, such as adding an internal
network,
without having to repeatedly reconfigure
static VPN domains.
Check Point
secure VPN solutions offer a multitude
of authentication options, including
token cards, RADIUS,
and TACACS/TACACS+. In addition, OpenPKI
ensures that Check Point secure VPN
solutions are compatible
with leading PKI solutions from vendors
such as Entrust, VeriSign, and Baltimore
Technologies, enabling organizations
to manage very large IPSec VPN deployments.
VPN-1 Pro features a unique Hybrid
Mode Authentication that allows organizations
to deploy IPSec VPNs while leveraging
existing authentication schemes such
as Secure ID tokens. (Also available
from ePic Net).
Organizations that want to implement
strong authentication out of the box
can use Check Point One-Click Certificates.
With an Internal Certificate Authority
included with VPN-1 Pro, X.509 digital
certificates can be issued to VPN-1
gateways and VPN-1 SecureClient™
users. One-Click Certificates provide
industry-standard, two-factor authentication
without the complexity and expense
of PKI systems.
| SUPPORT
FOR MULTIPLE-ACCESS TECHNOLOGIES |
Every enterprise
has a unique blend of requirements
for remote access, depending on the
types of users, the mix of applications
to be accessed, and the level of endpoint
security and management control demanded.
VPN-1 Pro provides flexibility, supporting
multiple client options.
SecuRemote™
provides basic connectivity that is
easy for the user requiring occasional
remote access to IP applications.
SecureClient provides a higher level
of security by adding a centrally
managed personal firewall. Integrity.
SecureClient
offers complete remote access protection
with integrated VPN client and fully
managed endpoint security.
SSL Network Extender, a Web-browser
plug-in, conveniently provides complete
access to IP-based applications from
any Internet device. VPN-1 Pro also
supports Microsoft L2TP and Symbian
VPN clients.
VPN-1 Pro
includes Check Point SmartCenter™,
based on Security Management Architecture
(SMART)—the industry’s
most consistent and powerful management
architecture.
SmartCenter enables enterprises to
centrally define perimeter, internal,
and Web security policies, correlate
and prioritize security events, and
perform advanced monitoring and reporting,
all via a single console. This unified
architecture enables easy distribution
of security policy updates across
all gateways, ensuring consistent
policy enforcement and improving operational
efficiency.
| HIGH
PERFORMANCE AND AVAILABILITY |
As firewall
and VPN deployments become larger
and more mission-critical, performance
is a key concern. The
SecureXL framework of interfaces,
software modules, and industry standards
enables Check Point partners
and customers to build cost-effective
VPN-1 solutions to meet the most demanding
performance requirements.
Streaming technology is a set of security
and acceleration improvements that
allow packet processing to be performed
at the kernel level, significantly
improving application-layer inspection,
typically a compute-intensive task.
Combining the SecureXL framework and
streaming technology with Check Point’s
commitment to open systems delivers
industry-leading performance at the
lowest possible cost.
| NTEGRATED
VPN QUALITY OF SERVICE (QOS) |
QoS is a
requirement for any VPN deployment
where performance is important and
congestion on the Internet link may
occur. FloodGate-1 ensures optimal
performance for mission-critical VPN-1
traffic, enabling customers to migrate
critical business traffic from private
wide area networks to the Internet.
| HIGH
AVAILABILITY AND LOAD SHARING |
ClusterXL
distributes traffic of all types across
a cluster of VPN-1 Pro gateways. If
a gateway becomes unreachable, all
connections are seamlessly redirected
to the remaining cluster members.
Near-linear performance gains are
achieved when additional cluster members
are added.
Combined
with dynamic routing protocol such
as OSPF or BGP, ClusterXL delivers
the industry’s only high-availability
enforcement point with “graceful
restart.” VPN-1 Pro significantly
improves the availability of mission-critical
applications, eliminating unnecessary
“ripple effects.” These
ripple effects are caused by the changes
in routing tables when VPN-1 Pro gateways
become unavailable and can disrupt
traffic forwarding for up to tens
of minutes.
VPN Load
Distribution is a high-availability
and load-sharing solution for remote
access VPN connections. Inbound VPN
connections are distributed across
multiple VPN-1 gateways than can be
geographically distributed. If a gateway
becomes unreachable, VPN clients are
automatically connected through another
member.
If
multiple data centres are available,
remote users can be assured continued
access through the Multiple Entry
Point feature. If a primary VPN-1
gateway becomes unavailable, VPN-1
gateways at other locations are automatically
engaged to establish VPN connectivity
to the corporation.
|
