Introduction

Check Point's Open Platform for Security (OPSEC) model enables you to implement third-party vendor applications into your firewall environment. Based on open protocols, the OPSEC model enables vendors to easily design their applications to conform to this standard, and therefore interoperate with the VPN-1/FireWall-1 product.

You may be asking how this can benefit you, so let us provide some examples. The most notable examples are your content filtering options. You can use other vendors' virus scanners that support the CVP protocol (e.g. Aladdin's eSafe Protect Gateway) to easily implement virus scanning of SMTP mail, HTTP, and/or FTP traffic, just by adding some objects and rules to your Security Policy.

Other content-filtering applications use Web site databases, which are broken into categories, so that you can easily block your users from going to adult entertainment sites or to shopping and chat sites while on the job. Several schools that provide Internet access for their young students utilize this technology to prevent them from accessing certain categories that are considered inappropriate for children.

We will talk about other OPSEC applications, and show you how to configure CVP and UFP applications in this chapter, and also how you can use the resources available in Check Point VPN-1/FireWall-1 to implement limited content filtering without needing a third-party application.

OPSEC Applications

Realizing that no single product or vendor could address network security completely, Check Point designed the OPSEC standard to enable security managers to easily extend the functionality of VPN-1/FireWall-1 with third-party applications designed...