Check Point FireWall-1 VPN-1 Gateway

The Challenge

With its worldwide reach, the Internet provides a flexible and cost-effective infrastructure for extending the corporate network to all employees and key business partners. In order for corporations to take full advantage of the Internet, however, they must be able to guarantee both the security of business communications and the protection of internal network resources.


In addition to security, companies extending the reach of their networks also face challenges of availability, performance, and scalability. For mission-critical applications to utilize VPN (Virtual Private Network) technologies, the VPN must provide reliable performance and seamless fault tolerance. Extranet VPNs pose the additional challenge of achieving interoperability between solutions from different vendors. Finally, all components of a VPN must be easily integrated and managed within the overall enterprise security infrastructure.


VPN-1 Gateway

Provides a scalable, high-performance solution meeting the needs of corporate networks, remote and mobile workers, and satellite offices.


The Solution

VPN-1 Gateway is a tightly integrated software solution combining the market-leading FireWall-1 security suite with sophisticated VPN technologies. The cornerstone of Check Point's Secure Virtual Network architecture, VPN-1 Gateway meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, satellite offices, and key partners. VPN-1 Gateway software may be deployed on a range of platforms for maximum flexibility and scalability.


VPN-1 Gateway supports sophisticated high availability configurations for IPSEC traffic, and provides built-in resiliency for remote access VPNs. Extranets are made possible through support for industry standards as well as all leading PKI products and services. For superior performance, VPN-1 Gateway solutions may also include bandwidth management, compression, and hardware-based VPN acceleration.


Product Features

  • Protects data communications with industry-standard encryption, authentication, and key management schemes

  • Secures valuable corporate resources with FireWall-1

  • Enables centralized, integrated, policy-based management of the entire enterprise security policy

  • Includes advanced OpenPKI support, integrated bandwidth management, compression, and sophisticated High Availability solutions

Product Benefits

  • Ensures maximum security for corporate resources and Internet communications

  • Lowers cost of connecting mobile workers, telecommuters, and branch offices

  • Eases network security management and reduces administrative overhead

  • Provides scalability, reliability, and superior performance for mission-critical VPNs


Security

Check Point VPN-1 Gateway integrates access control, authentication, and encryption to guarantee the security of network connections, the authenticity of local and remote users, and the privacy and integrity of data communications.


Access Control

Based on the market-leading FireWall-1, Check Point VPN-1 Gateway supports more than 150 pre-defined applications, services, and protocols out of the box. VPN-1 Gateway secures all popular Internet services, including the most commonly used applications like HTTP, SMTP, Telnet, and FTP; the entire TCP family of applications; and connectionless protocols such as UDP. In addition, VPN-1 Gateway supports important business applications such as Oracle SQL, multimedia applications such as RealAudio, and Voice over IP (VoIP) services such as H.323.


Supported User Authentication Schemes

| User Authentication Scheme | Verification Mechanism |
|---|---|
| RADIUS | Supports multiple authentication methods |
| TACACS/TACACS+ | Supports multiple authentication methods |
| Token-based (two factor) | Uses hardware token and password |
| Operating System Password | Standard OS password |
| FireWall-1 Password | FireWall-1 gateway password |
| S/Key | Seed-based one-time passwords |
| Digital Certificates | Validated by checking the CA's signature |

Supported Data Authentication Schemes

| Data Authentication Scheme | Key Length | Hash Length |
|---|---|---|
| CBC-DES-MAC | 56-bit | 64-bit |
| MD5 | 128-bit | 128-bit |
| SHA-1 | 160-bit | 160-bit |

Supported Key Management Schemes

| Scheme | Process | Description |
|---|---|---|
| IKE (ISAKMP/Oakley) | Automatic | Optional key management scheme for IPv4, mandatory for IPv6 |
| FWZ | Automatic | Internal or external CA/PKI automatically establishes security associations and updates public keys |
| SKIP | Automatic | Optional key management scheme for IPv4 |
| Manual IPSec | Manual | All security associations & keys distributed manually |

Authentication

One of the most important requirements of a VPN solution is the ability to verify the identity of the person using the VPN. Once users successfully authenticate themselves, they gain secure access to network resources such as email, internal Web servers, NT domain resources, and database applications.


For maximum security and flexibility, VPN-1 Gateway provides integrated support for multiple user authentication methods. User authentication can be accomplished using smart cards, token-based products like SecurID, LDAP-stored passwords, RADIUS or TACACS+ servers, pre-shared secrets, X.509 digital certificates, or even advanced biometric techniques. In addition, Check Point provides the Secure Authentication API (SAA), an open application programming interface that enables third-party security vendors to integrate their leading-edge solutions with VPN-1.

VPN-1 Gateway provides additional flexibility by enabling organizations to utilize any supported authentication method in conjunction with the Internet Key Exchange (IKE) for IPSec VPN deployments.


Encryption

Once secure network access has been granted, a VPN solution must protect the privacy of the data being transmitted. By adhering to the IPSec standard, VPN-1 Gateway automatically negotiates the strongest possible encryption and data authentication algorithms available between communicating parties. This includes both DES and Triple DES for data encryption, and SHA-1 and MD5 for data authentication. In addition, encryption keys are updated frequently, ensuring maximum security and providing Perfect Forward Secrecy (PFS) so that older encryption keys cannot be used to decipher more recent communications.
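The forward-secrecy property described above (a fresh key on every rekey, so that the key material of one key epoch says nothing about another) can be shown concretely. The following Python is an added example, not Check Point's code: it models two peers rekeying with ephemeral Diffie-Hellman over the RFC 2409 group 2 (1024-bit MODP) parameters, next to a contrasting schedule that derives every epoch key from a single long-lived secret. The function names, the `vpn-rekey` label and the SHA-256 derivation are assumptions made for illustration and simplify IKE's PRF-based key derivation.

```python
"""Ephemeral Diffie-Hellman rekeying as a model of Perfect Forward Secrecy.

Added example, not Check Point code. Two VPN peers derive a fresh session key
from a fresh DH exchange in every key epoch; a contrasting schedule derives
every epoch key from one long-lived secret. The key derivation (SHA-256 over
a label, the epoch number and the shared secret) is a deliberate
simplification of IKE's PRF-based derivation.
"""
import hashlib
import secrets

# RFC 2409 "Second Oakley Group": 1024-bit MODP prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def dh_keypair():
    """Fresh ephemeral exponent x and its public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Shared secret; rejects degenerate public values (0, 1, p-1), which
    would force the secret into a tiny subgroup."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)


def derive_session_key(shared, epoch, label=b"vpn-rekey"):
    """Bind the session key to the epoch number. Hypothetical label and
    simplified stand-in for IKE's PRF-based key derivation."""
    material = label + epoch.to_bytes(4, "big") + shared.to_bytes(P_BYTES, "big")
    return hashlib.sha256(material).digest()


def static_key_schedule(static_secret, n_epochs):
    """Contrast case with no forward secrecy: every epoch key is a function
    of one long-lived secret and a counter."""
    return [
        hashlib.sha256(static_secret + epoch.to_bytes(4, "big")).digest()
        for epoch in range(n_epochs)
    ]


def ephemeral_key_schedule(n_epochs):
    """PFS case: a new DH exchange per epoch. Returns the agreed keys and, for
    the compromise model below, each epoch's public values plus the
    initiator's ephemeral private key (which a real peer would erase)."""
    keys, transcripts = [], []
    for epoch in range(n_epochs):
        a_priv, a_pub = dh_keypair()  # initiator
        b_priv, b_pub = dh_keypair()  # responder
        k_a = derive_session_key(dh_shared(a_priv, b_pub), epoch)
        k_b = derive_session_key(dh_shared(b_priv, a_pub), epoch)
        if k_a != k_b:
            raise RuntimeError("peers disagree on the session key")
        keys.append(k_a)
        transcripts.append(
            {"epoch": epoch, "a_pub": a_pub, "b_pub": b_pub, "a_priv": a_priv}
        )
    return keys, transcripts


def keys_exposed_by_static_secret(static_secret, n_epochs):
    """Whoever learns the long-lived secret can rebuild every epoch key,
    past and future: the static schedule has no forward secrecy."""
    return static_key_schedule(static_secret, n_epochs)


def keys_exposed_by_leaked_ephemeral(transcripts, leaked_epoch):
    """Compromise model for the PFS case: all public values were recorded and
    the initiator's ephemeral private key for one epoch later leaked.
    Applying that key to every epoch's transcript yields the correct key
    only for the leaked epoch; every other epoch used a different exponent."""
    leaked_priv = transcripts[leaked_epoch]["a_priv"]
    return [
        derive_session_key(dh_shared(leaked_priv, t["b_pub"]), t["epoch"])
        for t in transcripts
    ]


if __name__ == "__main__":
    psk = b"long-lived-site-secret"  # constructed sample secret
    static = static_key_schedule(psk, 3)
    print("static schedule fully recovered:",
          keys_exposed_by_static_secret(psk, 3) == static)
    keys, transcripts = ephemeral_key_schedule(3)
    exposed = keys_exposed_by_leaked_ephemeral(transcripts, 1)
    print("epochs recovered after one ephemeral leak:",
          [i for i, k in enumerate(exposed) if k == keys[i]])
```

The point of the two schedules side by side is the failure mode: with the static derivation a single secret disclosure exposes every epoch, while with per-epoch DH a leaked ephemeral exponent exposes exactly the epoch it belonged to. In a real deployment the rekey interval and the DH group size (the 512/1024-bit choices listed in the encryption table below) bound how much traffic a single compromised epoch can expose and how hard that epoch's exponent is to recover.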


Supported Encryption Algorithms

| Encryption | Key Length |
|---|---|
| RC4-40 | 40-bit |
| CAST-40 | 40-bit |
| FWZ-1 | 48-bit |
| DES-40 | 40-bit (32-bit IV) |
| DES | 56-bit |
| CAST | 128-bit |
| Triple DES | 168-bit |
| RSA Keys | 512/1024-bit |
| Diffie-Hellman Keys | 512/1024-bit |

Public Key Infrastructure (PKI) Support

Public Key Infrastructures provide the necessary management infrastructure for large IPSec VPN deployments by enabling the use and management of keys and digital certificates. By adhering to industry standards such as X.509, PKIs also ensure the highest levels of security and interoperability as organizations expand their networks through remote access and extranet VPNs.


Interoperability Through OpenPKI

VPN-1's OpenPKI support allows customers to choose the PKI solution that best fits their needs. OpenPKI ensures that VPN-1 Gateways, as well as VPN-1 Appliances and client solutions, are compatible with all leading PKI products and services. PKI solutions from vendors such as Entrust, Verisign, Baltimore Technologies, and Netscape are being certified as part of Check Point's OPSEC (Open Platform for Security) Alliance.


Concurrent Support for Multiple Vendors' Certificate Authorities

VPN-1 Gateway enables the establishment of heterogeneous extranets by supporting the simultaneous use of digital certificates from multiple CAs (Certificate Authorities). This capability is absolutely critical to the successful deployment of a VPN involving multiple companies, since each company may have a different VPN solution in use. Concurrent certificate support allows a single VPN-1 Gateway to simultaneously establish multiple IPSec connections with gateways using different vendors' VPN and PKI solutions.


Scalability

Check Point VPN-1 deployments scale to accommodate large numbers of VPN nodes, whether users or remote sites. Because VPN-1 Gateway software runs on a variety of platforms and operating systems, organizations can choose the deployment platform that best meets their current and projected needs. Furthermore, by supporting standards-based directory and PKI infrastructures, VPN-1 solutions are able to support large, open VPN communities with minimal management overhead.



Comprehensive Solutions

Check Point offers a broad range of VPN products from which organizations can choose to design the configuration that best meets their requirements. Individual data sheets are available for the following products:

  • VPN-1 SecuRemote: Client-side encryption software to extend the enterprise VPN to desktop, remote, and mobile users

  • VPN-1 SecureClient: Enhanced VPN client software offering centrally managed personal firewall capabilities and security verification for all enterprise VPN users

  • VPN-1 SecureServer: Security and VPN connectivity designed specifically for a single application server

  • VPN-1 Appliances: A complete family of integrated hardware and software solutions delivering secure Internet access for all size networks

  • VPN-1 Accelerator Card: A plug-and-play hardware PCI card which speeds VPN performance through acceleration of IPSec encryption

  • FloodGate-1: Policy-based, enterprise bandwidth management solution which optimizes network performance by assigning priority to business-critical traffic

  • Compression Server Module: Compression for business-critical data flowing between VPN-1 Gateways which significantly increases site-to-site VPN performance

  • High Availability Module: Seamless fail-over for mission-critical deployments through clusters of redundant gateways

  • VPN-1 Certificate Manager: A complete turnkey certificate management system for Check Point's VPN-1 solutions


Flexible Deployment

VPN-1 Gateway is the cornerstone of Check Point VPN-1 solutions, the most comprehensive set of products and technologies for remote access, intranet, and extranet VPNs. VPN-1 Gateway software can run on a variety of platforms, including Unix and NT servers, dedicated appliances, and other networking devices, to meet the needs of any VPN deployment.


High Availability

Today's E-Business environments require a fail-safe, secure infrastructure. If a VPN gateway becomes unreachable for even a few minutes it can mean a substantial financial loss. Check Point VPN-1 Gateway offers a range of high availability solutions for business-critical VPNs.


Sophisticated Fail-Over Capabilities

VPN-1 Gateway enables high availability solutions which maintain IPSec connections during fail-over. Enhanced state table synchronization enables transparent hot standby configurations for both site-to-site and client-to-site VPN deployments. With transparent fail-over, mission-critical VPN gateways are always available and sessions continue seamlessly if a gateway becomes unavailable for any reason. In such an event, users connected to that gateway will not have to re-authenticate and will not even notice that an alternate gateway has taken over. Mission-critical operations or high-value transactions will continue intact without needing to be restarted.


Resilient Remote Access

VPN-1 Gateway, together with either VPN-1 SecuRemote or VPN-1 SecureClient, also provides a cost-efficient alternative to high availability configurations requiring redundant hardware. In multi-site VPNs, VPN-1 Gateway enables the VPN client to detect a gateway outage, and then use any available gateway to access network resources. Thus the VPN connection is established and all traffic is routed correctly through an alternate gateway with complete user transparency.


Enterprise Management

Virtual Private Networks are only one component of an organization's overall network security strategy. An effective security solution must provide the ability to define VPNs within a single, enterprise-wide security policy which can be distributed and managed from one central console. An extensible VPN solution must also be easy to deploy and administer as the number of users grows.

Check Point's intuitive graphical user interface provides a single management console for defining and managing multiple elements of a Secure Virtual Network: firewall security, VPNs, network address translation, bandwidth management, and data compression. All object definitions (e.g. users, hosts, networks, and services) are shared among all applications for efficient policy creation and security management.


Centralized Management

VPN-1 implementations are integrated into an overall enterprise security policy simply by adding one or more rules to the security rule base. Once a policy has been created or modified, it is automatically distributed to all security enforcement points.

Check Point's unified management console and automatic distributed deployment of policies dramatically increase management efficiency when compared to solutions that require either multiple management interfaces or per-device policy installation. Furthermore, overall security is strengthened because the policy is always up-to-date at all network enforcement points.


© 1996-2010 REX GLOBAL CORPORATION

All Rights Reserved