Introduction

The Check Point Next Generation suite of products provides the tools necessary for easy development and deployment of enterprise security solutions. Check Point VPN-1/FireWall-1 has been beating out its competitors for years, and the Next Generation software continues to improve the look, feel, and ease of use of this software. Most notably, there is a new security dashboard that gives security administrators a more detailed view of the Security Policy and management objects in one window. The user interface is easy to comprehend and provides optimal functionality all in one place.

With the Next Generation software, you can manage multiple firewalls from a central management server, and can now centrally manage licenses and software upgrades with the SecureUpdate application. Other useful tools in the Next Generation suite include LDAP account management, SecuRemote VPNs, bandwidth usage services, DNS/DHCP services, reporting, logging, and high availability configurations.

In this chapter we will introduce you to each of these tools, and discuss the various components of VPN-1/FireWall-1 in a little more detail. You will learn the difference between proxy firewalls, packet filtering firewalls, and the technology that Check Point Next Generation uses, called Stateful Inspection. You will become familiar with the inspection engine, which is the nuts and bolts of the software, and learn how it analyzes traffic going through the firewall.

Introducing the Check Point Next Generation Suite of Products

It seems that the Internet moves a little further into the network everyday, and along with it comes new network security and...