Check Point VPN-1

VPN-1 is a firewall and VPN product developed by Check Point Software Technologies Ltd. VPN-1 is a stateful firewall which also filters traffic by inspecting the application layer. It was the first commercially available software firewall to use stateful inspection. Later (1997), Check Point registered U.S. Patent # 5,606,668 on their security technology that, among other features, included stateful inspection. VPN-1 functionality is currently bundled within all of Check Point's perimeter security products. The product, previously known as FireWall-1, is now sold as an integrated firewall and VPN solution.


Platforms

The VPN-1 software is installed on a separate operating system, which provides the protocol stack, file system, process scheduling and other features needed by the product. This is different from most other commercial firewall products like Cisco PIX and Juniper firewalls, where the firewall software is part of a proprietary operating system. Although traditionally sold as software only, VPN-1 is also sold in appliance form as Check Point's UTM-1 (starting 2006) and Power-1 appliances. Appliances run the Gaia or Gaia Embedded operating system.

As of version R80, Check Point Quantum Network Security supports the following operating systems:

* Check Point Gaia Embedded (an ARM-based distribution for SMB appliances);
* Check Point Gaia (a Check Point Linux distribution, based on Red Hat Enterprise Linux, unifying IPSO and SecurePlatform into a single operating system).

Previous versions of Check Point firewall supported other operating systems including Sun Solaris, HP-UX and IBM AIX, and Microsoft Windows. See the table in the Version History section below for details.

VPN-1 running on the Nokia platform on IPSO was often called a Nokia Firewall as if it were a different product, but in fact it runs the same VPN-1 software as other platforms.

Upon completing the acquisition of Nokia Security Appliance Business in 2009, Check Point started the project named Gaia aimed at merging two different operating systems, SecurePlatform and IPSO, into one. This new OS is positioned to finally replace both existing operating systems at some point in the future. On April 17, 2012 Check Point announced the general availability of the Gaia operating system as part of the R75.40 release.


Features

While it started as a pure firewall and VPN product, more features were added later. Although they are licensed separately, they have since begun to be bundled in default installations of VPN-1 as well.

SmartDefense (IPS)

This feature adds inspection of the most common application protocols to the built-in stateful inspection and the inherent TCP/IP protocol checks and normalization. Starting with NGX R70 this feature has been rebranded as IPS.

Quality of service (Floodgate-1)

Check Point's implementation of quality of service (QoS). It supports guaranteeing or limiting bandwidth per QoS rule or per connection. Priority queuing (LLQ) can also be done. However, RFC-based QoS implementations, be it Differentiated Services or IP precedence, are not supported.

Content Inspection

Introduced with NGX R65, this feature provides 2 services:

* Antivirus scanning: scanning of the passing traffic for viruses
* Web filtering: limiting access of hosts internal to the firewall to Web resources, using explicit URL specification or category rating.


See also

* Check Point
* Check Point Abra


External links


* www.checkpoint.com: Check Point Software Technologies web site
* www.fw-1.de: information about VPN-1
* Check Point Official Forums
* CPUG: The Check Point User Group
* Check Point IPsec IKE Implementation details