Configuring Check Point NGX VPN-1/FireWall-1

In this chapter you will learn how Check Point FireWall-1 can integrate with third-party products. Check Point performs content security by passing traffic through built-in application-layer gateways. Also known as proxies, these engines allow you to scan and modify the data portion of TCP-based traffic.
Check Point FireWall-1 has the ability to redirect traffic to a third-party appliance for antivirus scanning. Check Point also has a product that performs antivirus scanning inside of the firewall product. Check Point certifies third-party solutions with the OPSEC (Open Platform for Security) Alliance. OPSEC-compliant antivirus scanners use the CVP (Content Vectoring Protocol) to communicate with FireWall-1. There are several interfaces available to OPSEC vendors to communicate with Check Point products.
We will cover all five proxies available to us in FireWall-1; each has unique options that allow you to further secure network environments. We will also cover internal Check Point communication and how certificates are used to secure the security products.
OPSEC (Open Platform for Security) represents Check Point's efforts to allow third-party companies to produce Check Point integrated solutions. The OPSEC Alliance is a collection of security vendors that have been OPSEC Certified by Check Point Software. There are hundreds of vendors that develop OPSEC-compliant software. A list of these products is available on the OPSEC Alliance Web site, www.opsec.com.
Check Point has made an API (Application Programming Interface) available for these companies to use to communicate with Check Point's product line. The SDK (Software Development Kit) requires knowledge...