Virtual Private Networks (VPNs)

Check Point FireWall-1's Encryption Module establishes a fully confidential communication channel over the Internet for virtual private networking. By providing data privacy over public lines, FireWall-1 ensures secure, flexible communications between remote locations around the globe, at a fraction of the cost of private leased lines.

Selective Encryption

Check Point FireWall-1 utilizes the industry-standard DES encryption algorithm and Check Point Software's FWZ1 worldwide exportable encryption algorithm. FireWall-1's 'in-place selective encryption' feature offers transmission of both plain and encrypted data between the same workstations and networks. Both DES and FWZ1 can be simultaneously deployed. Users can select the best combination of efficiency, security and speed to meet business demands while complying with government regulations worldwide.

Integrated, Easy-to-use Key Management

Check Point FireWall-1 generates and maintains all keys automatically. Using the Diffie-Hellman scheme, a pair of fully confidential public and private keys are generated for every encrypted communication. Communication with a certificate authority is also provided utilizing RSA technology. All encryption features are fully integrated for simple installation, management and control.

High Efficiency

FireWall-1 utilizes a high efficiency encryption/decryption mechanism which is augmented by its unique 'in-place' encryption. FireWall-1 encryption does not alter the communication length, maintains MTU validity and eliminates packet fragmentation, thus achieving the highest performance available over the network. Routing priorities and policies are preserved, adding to FireWall-1's efficiency.

Additional Security Measures

Anti-Spoofing

FireWall-1's Anti-Spoofing feature ensures that the interface on which a packet enters the gateway corresponds to its IP address, thus preventing the ability to gain unauthorized access by altering a packet's IP address. FireWall-1 also identifies suspicious traffic inside network segments and alerts the network manager of its occurrence.

Network Address Translation

FireWall-1's Address Translation feature conceals internal network addresses from the Internet, avoiding their disclosure as public information. In addition, this feature overcomes IP addressing limitations, including restricted IP address allocation and unregistered internal addressing schemes. FireWall-1 maintains the integrity of an organization's internal addressing schemes, mapping unregistered IP addresses with valid ones for full Internet access. FireWall-1 supports both static and dynamic address translation for maximum benefit.

Open System Architecture

FireWall-1's open architecture enables it to interface easily with related applications and external user databases. Typical application interfaces include billing and accounting packages, virus scanners, log analysis tools, etc.

Router Security Management (optional)

FireWall-1 Network Security Manager, an optional module, provides integrated management and access table control capabilities for routers from Bay Networks and Cisco Systems.