Call a Specialist Today! 888-785-4407

Check Point IPSec VPN Software Blade
Provides secure connectivity to corporate networks for remote and mobile users, branch offices and business partners.

The Check Point IPSec VPN Software Blade

The Check Point IPSec VPN Software Blade provides secure connectivity to corporate networks for remote and mobile users, branch offices and business partners. The Software Blade integrates access control, authentication and encryption to guarantee the security of network connections over the public Internet.


Check Point Product
Check Point Security Gateway Blades
IPSEC VPN Blade
*The purchase of a Security Gateway container is required per user
#CPSB-VPN
List Price: $1,540.00
Our Price: $1,240.00
Check Point Security Gateway Blades for High Availability
IPSEC VPN Blade for High Availability
*The purchase of a Security Gateway container is required per user
#CPSB-VPN-HA
List Price: $1,230.00
Our Price: $990.00

Benefits:

Secure VPN connectivity for remote and mobile users, branch offices

  • Simple, centralized management of remote access and site-to-site VPNs
  • Enhanced IPSec VPN security against Denial of Service (DoS) attacks
  • Security policy may be applied in varying degrees based on encryption level

Flexibility to build the VPN solution that meets your specific needs

  • Multiple remote access VPN connectivity modes to support road warriors
  • Comprehensive set of remote access VPN client choices
  • Multiple VPN creation methods, including route-based and domain-based VPNs

Integrated into Check Point Software Blade Architecture

  • Simple activation of IPSec VPN on any Check Point security gateway
  • Centralized logging and reporting via a single console

Features:


Simplified Site-to-Site Virtual Private Network (VPN)

The IPSec VPN Software Blade simplifies the creation and management of complex VPNs. SmartDashboard enables administrators to define participating gateways—including third-party gateways—in large-scale VPNs. VPN gateways can be configured in minutes for both star and mesh topologies with an integrated certificate authority to manage keys.

Multiple VPN Creation Methods

The IPSec VPN Software Blade supports the creation of VPNs via multiple methods, including:

  • Route-based VPNs:  Administrators set VPN rules to define which traffic should be encrypted, enabling the creation of complex large-scale site-to-site VPNs in dynamic environments. Route-based VPNs also support the extension of dynamic routing and multicast communities across VPNs.
  • Domain-based VPNs:  Administrators identify the resources behind the gateway  for which VPN traffic should be encrypted.

Enhanced IPSec VPN Security

VPN connectivity should always be matched with a high level of security. The IPSec VPN Software Blade enables remote users, sites and partners to connect securely. Security policies may be applied to all encrypted traffic or a subset of traffic.

In addition, the IPSec VPN Software Blade provides strong security for the VPN against Denial of Service (DoS) attacks such as those directed against the Internet Key Exchange (IKE) mechanism. The IPSec VPN Software Blade implements a unique solution for IKE DoS, requiring that unknown gateways solve a computationally-intensive problem before allowing them to connect.

Flexible Remote Access Support

Every enterprise has unique requirements for remote access. The IPSec VPN Software Blade offers a comprehensive set of remote access VPN client choices that allow you to design a solution that meets your specific needs. These choices include:

  • Check Point Endpoint Security:  a complete endpoint security solution
    • IPSec VPN client
    • desktop firewall
    • Network Access Control (NAC)
    • program control
    • antivirus and anti-spyware
    • full disk encryption
    • port protection and other data security features
    • managed by Endpoint Policy Management Blade
  • Endpoint Security VPN R75
    • Windows IPSec VPN client
    • desktop firewall
    • compliance checks
    • remote connection enhancements
    • managed by Network Policy Management Blade
  • SecuRemote
    • free Windows IPSec VPN Client
  • SecureClient Mobile
    • SSL VPN client for Windows Mobile phones
  • Check Point GO
    • secure virtual workspace on an encrypted USB drive with an integrated VPN client
  • L2TP Support
    • for clients with Layer 2 Tunneling Protocol (L2TP) VPN support

Multiple Remote Access VPN Connectivity Modes

The IPSec VPN Software Blade provides various modes to address a variety of connectivity and routing issues faced by remote users, including:

  • Office mode:  Addresses routing issues between the client and the gateway by encapsulating IP packets with the remote user’s original IP address, thereby enabling users to appear as if they were “in the office” while connecting remotely. Office mode also provides enhanced anti-spoofing by ensuring that the IP address encountered by the gateway is authenticated and assigned to the user.
  • Visitor mode: Enables employees to access resources while they are working at a remote location such as a hotel or a customer office, where Internet connectivity may be limited to Web browsing using the standard HTTP and HTTPS ports.
  • Hub mode: Enables rigorous, centralized inspection of all client traffic.  This eliminates the need to deploy security functions to multiple offices and gives employees secure client-to-client communications such as Voice over IP (VoIP) or Internet conferencing using applications like Microsoft NetMeeting.

Integrated into Check Point Software Blade Architecture

The IPSec VPN Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways saving time and reducing costs by leveraging existing security infrastructure.

Specifications:


 Feature Detail
Authentification Methods Password, RADIUS, TACACS, X.509, SecurID
Certification Authority Integrated X.509 certificate authority
VPN Communities Automatically sets up site-to-site connections as objects are created
Topology Support Star and mesh
Route-based VPN Utilizes virtual tunnel interfaces, numbered/un-numbered interfaces
VPN Resiliency Multiple Entry Point (MEP), wire mode
VPN Route Injection Route Injection Mechanism (RIM)
Site-to-site VPN Modes Domain-based, Route-based
Directional VPN Enforcement between or within community
IKE (Phase 1) Key Exchange AES-256, 3DES, DES, CAST
IKE (Phase 1) Data Integrity MD5, SHA1
IKE (Phase 2) Data Encryption 3DES, AES-128, AES-256, DES, CAST, DES-40CP, CAST-40, NULL
IKE (Phase 2) Data Integrity MD5, SHA1
IKE (Phase 1) & IPSec (Phase 2) Diffie-Hellman Groups Group 1 (768 bit), Group 2 (1024 bit), Group 5 (1536 bit), Group 14 (2048 bit)
IKE (Phase 1) Options Aggressive mode
IPSec (Phase 2) Options Perfect forward secrecy, IP compression
Mobile Device Support L2TP support for iPhone, SecureClient Mobile for Windows Mobile
Multiple IPSec VPN Clients Check Point Endpoint Security, Endpoint Security VPN R75, SecuRemote

Pricing Notes:

Check Point Product
Check Point Security Gateway Blades
IPSEC VPN Blade
*The purchase of a Security Gateway container is required per user
#CPSB-VPN
List Price: $1,540.00
Our Price: $1,240.00
Check Point Security Gateway Blades for High Availability
IPSEC VPN Blade for High Availability
*The purchase of a Security Gateway container is required per user
#CPSB-VPN-HA
List Price: $1,230.00
Our Price: $990.00