|
Home
>
Rex Global Solutions
>
Check Point Solutions
> Check Point Edge
Appliances
Check Point VPN-1
Edge Applicances
Secure Connectivity for Remote
Sites and Large-scale VPN Deployments
-
Site-to-Site & Remote Access VPN
-
Stateful
Inspection Firewall
-
Large-Scale
Management Support
-
Deployment
in Minutes
-
ISP &
Gateway High Availability
-
One-Click
VPN Deployment
-
Automatic
Recovery
|
 |
VPN-1 Edge appliances
provide secure connectivity for remote sites, such as
branch, retail and partner sites. Integrating
VPN-1/Firewall-1 technology, high availability and
networking features, VPN-1 Edge is managed with Check
Point centralized management for efficient setup of
thousands of gateways.
» VPN-1 Edge Product Comparison Chart
Overview
YOUR CHALLENGE
In today’s
cost-conscious environment, companies are increasingly
turning to virtual private networks (VPNs) to connect
remote offices to applications, information and other
corporate resources. You need to efficiently deploy and
manage hundreds or thousands of VPN gateways — even
though your remote offices and retail sites often do not
have dedicated security staff. You need cost- effective,
reliable VPN gateways that integrate into your security
infrastructure and protect against increasingly
sophisticated Internet-based attacks.
OUR SOLUTION
Check Point VPN-1®
Edge™ provides secure connectivity for remote sites,
branch offices and partner sites by integrating
market-leading VPN-1/FireWall-1® technology, high
avail-ability support and networking features on a
cost-effective appliance. Ideal for large-scale VPN
deployments, VPN-1 Edge is managed by Check Point's
centralized management, for quick setup and management
of thousands of Check Point gateways. VPN-1 Edge starts
at $399 per site, enabling you to replace expensive
frame relay and private line connections with secure,
fast and reliable, broadband-based VPN connectivity.
UNMATCHED
PROTECTION
Tailored to the
needs of corporate remote sites, VPN-1 Edge safeguards
corporate resources and ensures the privacy and
integrity of data communications, by integrating access
control, user authentication and encryption into one
easy-to-use device.
Patented Stateful
Inspection Firewall
VPN-1 Edge includes
Check Point-patented Stateful Inspection technology,
providing the most secure Internet protection in the
industry. Only Check Point Stateful Inspection can track
the state and context of all network communications, to
provide truly complete network protection.
Broad Application Support
VPN-1 Edge supports
over 150 pre-defined applications, services and
protocols out of the box, including instant messaging
and peer-to-peer applications, database applications and
H.323-based services like Voice over IP (VoIP) and
Microsoft NetMeeting.
RAPID DEPLOYMENT &
MANAGEMENT
VPN-1 Edge
appliances deploy in minutes and can be centrally
managed along with other Check Point gateways through
Check Point’s centralized management, including
SmartCenter Pro™, SmartCenter Enterprise, SmartCenter
Express, SmartCenter Express Pro and Provider-1These
management products (sold separately from VPN-1 Edge)
allow you to centrally define, efficiently manage and
constantly monitor multiple Check Point gateways from a
single console. VPN-1 Edge provides secure connectivity
for remote sites and large-scale deployments.
Plug and Play Appliance
VPN-1 Edge includes
wizard-driven Web-based management for setup in minutes
by non-technical staff at the remote site. To further
ease large-scale deployments, Check Point can
pre-configure VPN-1 Edge to your specifications, for
truly “plug and play”, secure connectivity.
Key Benefits of Check
Point VPN-1 Edge Appliance
-
Secures
site-to-site/remote access communications and
network resources
-
Integrates with
centralized, large-scale management and logging
-
Allows you to
protect and connect sites in minutes with easy
set-up
-
Enables
always-on protection and connectivity
-
Optimizes
network performance through traffic shaping, based
on band-width weighted priorities, guarantees and
limits
[click for larger image]
Check Point
VPN-1 Edge provides secure connectivity for remote sites
and large-scale deployments.
One-Click VPN Deployment
Check Point
centralized management simplifies gateway setup through
One-Click VPN Communities. With VPN Communities, you
simply drag the icon representing a VPN-1 Edge appliance
and drop it into a VPN community, in the same way you
would drag and drop a file into a desktop folder. The
VPN-1 Edge appliance automatically inherits community
security parameters, receives a X.509 digital
certificate from the Check Point Internal Certificate
Authority (included with Check Point centralized
management), and can immediately establish secure IPSec
sessions with the rest of the VPN community.
Integrated Bandwidth Management
Bandwidth
management is important for remote offices where
business critical traffic such as VPN and VoIP is
competing with other non-critical traffic over a single
ISP connection. VPN-1 Edge includes comprehensive
bandwidth management that offers weighted priorities,
guarantees and limits. Weighted priorities allocate
bandwidth according to relative merit as defined by
business goals, guarantees allocate minimum bandwidth
levels to traffic that require certain service levels at
all times, and limits set bandwidth restrictions for
non-critical network applications.
Efficient Large-scale
Management
SmartCenter Pro
includes Smart Large Scale Manager (SmartLSM) for quick
provisioning and maintenance of hundreds of gateways.
After using templates to define a SmartLSM profile, you
can easily apply its security parameters and VPN/security
policy to other VPN-1 Edge gateways. For very large
deployments, the optional Security Management Portal (SMP)
module provides profile-based management of thousands of
gateways. With both SmartLSM and SMP, all gateways, even
those with dynamically assigned IP addresses,
automatically fetch the security policy from the
management server.
Always Up-to-date Security
For effective
protection against evolving threats, security software
must be kept up-to-date. Check Point SmartCenter Pro
includes SmartUpdate that lets you centrally install and
upgrade both security and operating system software.
SmartUpdate can automatically distribute software
updates, eliminating the time and cost associated with
one-at-a-time device updates while ensuring consistent,
current security across your network.
SECURE CONNECTIVITY
VPN-1 Edge protects
the privacy of data communications with strong
encryption and authentication, and supports multiple
network topologies to meet your business needs.
Optionally, VPN-1 may be used as an internal server,
providing secure connectivity to internal network
environments, such as those typified by wireless
networks.
Strong encryption and
authentication
VPN-1 Edge adheres
to the IPSec standard, automatically negotiating the use
of the strongest possible encryption and data
authentication algorithms. VPN-1 Edge can encrypt data
using AES, 3DES, and DES algorithms, and provides strong
authentication by supporting industry standard X.509
digital certificates. Optionally, through an easy-to-use
wizard, the user can generate self-signed X.509
certificates directly from the local management
interface. To further ease deployment, VPN-1 Edge can
use digital certificates provided by the Check Point
Internal Certificate Authority included with Check Point
centralized management.
Multiple topology support
Some organizations
prefer to deploy security in a hub-and-spoke topology,
sending all traffic through a primary VPN gateway. VPN-1
Edge allows you to route all traffic, even
Internet-bound traffic, through a central VPN-1 Pro
gateway before being sent to its final destination.
OPSEC-certified products such as anti-virus or URL
filtering can inspect traffic at the central site, re
moving the need to deploy such functionality to each
site. For organizations that prefer to send traffic
directly to the Internet, VPN-1 Edge also supports split
tunneling.
Flexible VLAN support
VPN-1 Edge supports
full VLAN for increased security within the local
network by segmenting the internal networks into several
virtual networks. It enables nonintrusive deployment
into an existing VLAN configuration. Port-based VLAN
allows splitting the four LAN ports into four segmented
networks. Tag-based VLAN allows VPN-1 Edge to be
connected to a switch via a VLAN trunk, thereby
expanding port density.
NON-STOP CONNECTIVITY
Keeping your
network up and running is critical to your business.
VPN-1 Edge supports gateway high availability, ISP
redundancy, and dialup backup to enable non-stop
connectivity.
Gateway high availability
VPN-1 Edge supports
a backup ISP connection and automatic failover across
two VPN-1 Edge gateways to provide always-on protection.
High availability is supported for the WAN interfaces,
allowing the primary and secondary appliances to share a
single WAN IP address for virtually uninteruppted access
from the Internet to internal servers at your network.
ISP redundancy
VPN-1 Edge supports
ISP redundancy to ensure persistent connectivity. The
DMZ port may be used as a secondary WAN port. When two
different ISPs are connected to the appliance, VPN-1
Edge will automatically pick up the connection from the
other ISP if one fails to deliver a connection.
Dialup backup
VPN-1 Edge supports
dialup backup, a cost-effective feature which provides a
primary or secondary Internet connection. You simply
connect a dialup modem (regular or ISDN) to the serial
port of the VPN-1 Edge appliance. Using the dialup modem
as a primary Internet connection is useful in locations
where broadband Internet access is unavailable. VPN-1
Edge automatically dials the modem if it detects that
the primary Internet connection has failed.
VOIP SUPPORT
VPN-1 Edge supports
the H.323 and SCCP (skinny) VoIP protocols, enabling
mission-critical voice and data to be transmitted safely
and reliably to and from your corporate network.
THE TECHNOLOGY INSIDE
VPN-1 Edge is based
on VPN-1 Embedded NG™ technology that incorporates Check
Point’s market leading firewall and VPN software
optimized for em bedded platforms. VPN-1 Embedded NG is
developed by SofaWare Technologies, a Check Point
company. SofaWare designs software for embedded
platforms and creates innovative service solutions based
on the technology.
|
