Check Point 1100 Appliances Frequently Asked Questions

Similar documents
Appliance Comparison Chart

Embedded NGX 8.1 Release Notes Post General Availability Version. November 2010

Seqrite TERMINATOR (UTM) Unified Threat Management Solution.

Unified Threat Management

Appliance Comparison Chart

NSG100 Nebula Cloud Managed Security Gateway

NSG50/100/200 Nebula Cloud Managed Security Gateway

Check Point Appliance

Security Quick Sales Guide

Security with Passion. Endian UTM Virtual Appliance

Check Point Virtual Systems & Identity Awareness

Appliance Comparison Chart

SonicWALL Security Appliances. SonicWALL SSL-VPN 200 Getting Started Guide

UTM Content Security Gateway CS-2001

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

Unified Threat Management

Quick Installation Guide

Gigabit SSL VPN Security Router

Data Sheet AT&T VPN Gateway 8300

Secure and Always Online Networking for Small- to Medium-sized Businesses

Check Point 4400 Appliance

Meraki MX Family Cloud Managed Security Appliances

Quick Sales Guide. Security

Meraki MX Family. Overview

Cisco RV110W Wireless-N VPN Firewall

Cisco RV180 VPN Router

MikroTik, A Router for Today & Tomorrow

Check Point 4800 Appliance

SECURITY FOR SMALL BUSINESSES

WatchGuard XTMv Setup Guide

Check Point Appliance

User Guide TL-R470T+/TL-R480T REV9.0.2

CHECK POINT TOTAL SECURITY APPLIANCES. Flexible Deployment. Centralized Management.

Meraki MX Family Cloud Managed Security Appliances

All-in one security for large and medium-sized businesses.

CounterACT 7.0 Single CounterACT Appliance

McAfee NGFW Installation Guide for Firewall/VPN Role 5.7. NGFW Engine in the Firewall/VPN Role

USG310/210/110. Benefits. Always online. Protection and optimization. Next Generation Firewall (NGFW) for small and medium-sized businesses

Comodo Korugan Software Version 1.8

Gigabit Content Security Router CS-5800

What is the main purpose for the Security managementserver?

CONFIGURING AND DEPLOYING THE AX411 WIRELESS ACCESS POINT

Level 1 Technical Firewall Traversal & Security. Level 1 Technical. Firewall Traversal & Security. V2 Page 1 of 16

LevelOne. Quick Installation Guide. WHG series Secure WLAN Controller. Introduction. Getting Started. Hardware Installation

H3C AR18 Series Branch Access Routers Introduction. Date: Security Level: Normal H3C Technologies Co., Limited.

MTA_98-366_Vindicator930

Security Gateway 80 R Administration Guide

Grandstream Networks, Inc. GWN7000 Command Line Guide

KX/3G ADSL2+ ROUTER MAIN FEATURES

Meraki Z-Series Cloud Managed Teleworker Gateway

DrayTek Vigor Technical Specifications. PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6. Redundancy. By WAN interfaces traffic volume

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0

SonicOS Enhanced Release Notes

CounterACT 7.0. Quick Installation Guide for a Single Virtual CounterACT Appliance

Next Generation Firewalls For Your Network Security

Check Point Appliance

Peplink SD Switch User Manual. Published on October 25th, 2018

High Availability Synchronization PAN-OS 5.0.3

Network Controller. Complete Control and Management of Public Access Networks

Peplink Balance Multi-WAN Routers

Surat Smart City Development Ltd. Surat Municipal Corporation 1

NSG50/100/200 Nebula Cloud Managed Security Gateway

Unified Threat Management

300Mbps Wireless N VDSL/ADSL Modem Router

Check Point Appliance

JURUMANI MERAKI CLOUD MANAGED SECURITY & SD-WAN

SafeStream Gigabit Multi-WAN VPN Router

Cisco CVR100W Wireless-N VPN Router with Highly Secure Business-Class Connectivity for Small Offices/Home Offices (SOHO)

ForeScout CounterACT. Single CounterACT Appliance. Quick Installation Guide. Version 8.0

R75.40VS. Release Notes. 20 January Protected

Chapter 5 Advanced Configuration

HySecure Quick Start Guide. HySecure 5.0

About High Availability and Active/Active Clustering

Network+ Guide to Networks 6 th Edition

Unified Services Routers

WatchGuard XTMv Setup Guide Fireware XTM v11.8

1. Introduction Firewall contains SPI technique against intrusions, attacks and DOS

AC3000 Tri-Band Wireless Gigabit Dual-WAN VPN SMB Router TEW-829DRU (v1.0r)

NSG50/100 Nebula Cloud Managed Security Gateway

ZyWALL VPN2S VPN Firewall

Gigabit Load Balance Broadband Router

Barracuda Link Balancer

FW- 525B Quick Start Guide

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

AP-51XX v r Release Notes Part Number 72E

DPX8000 Series Deep Service Switching Gateway User Configuration Guide BRAS Service Board Module v1.0

Appliance Comparison Chart

Release Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release WAP9114 Release 8.1.0

Configuring High Availability (HA)

Deployment Scenarios for Standalone Content Engines

Remote Access Clients for Windows 32/64-bit

Deployment Guide: Routing Mode with No DMZ

CT ac2-1n-10g LANforge WiFIRE a/b/g/n/ac 4x4 MU-MIMO 3 radio WiFi Traffic

Future-ready security for small and mid-size enterprises

Vigor2900 Series Broadband Security Router Highly integrated broadband security router, combining high-speed routing technology with a comprehensive

Next-Generation Firewall Series Datasheet

CT506 LANforge-FIRE VoIP Call Generator

CHECK POINT APPLIANCES

300Mbps Wi-Fi Router. Expand Wi-Fi Coverage. TL-WR820N 300Mbps Easy Setup IPTV IPv6

ZyWALL SBG5500/SBG3310 Series Multi-WAN Gigabit VPN Router

Transcription:

CHECK POINT SOFTWARE TECHNOLOGIES Check Point 1100 Appliances Frequently Asked Questions Table of Contents Overview:... 2 Ordering Information:... 3 Technology:... 4 Hardware:... 6 Performance:... 6 Updated April 8, 2013 2013 Check Point Software Technologies Ltd. All rights reserved. P. 1

Overview: Q. Who is the target customer for the 1100 Appliance? A. The target customers are enterprises with small remote or branch offices with from 1 to 50 employees; it can also be suitable for similar-sized small businesses: Small offices who want a simple, intuitive web-based local management interface Enterprises who have standardized on managing their entire security infrastructure including remote locations from a headquarters location using Single or Multi-Domain Security Three 1100 Appliance models are available. 1120: Ideal for remote offices with up to 10 users 1140: Ideal for remote offices with up to 25 users 1180: Ideal for remote offices with up to 50 users Q. What are differences between the Safe@, UTM-1 Edge, Series 80 and 1100 appliances? A. The following table best represents the differences: Safe@ UTM-1 Edge Series 80 1100 Network Interface Ports 6 GbE 6 GbE 10 GbE 10 GbE ADSL Yes Yes No Yes Wi-Fi Yes Yes No Yes Target Market Consumer and small office Small office Centrally managed branch office Small office and centrally managed branch office Security Architecture NGX Embedded Software Blades Software Blades NA R71.45: FW, VPN, IPS, AV, ASPM, URLF R75.20: FW, VPN, IPS, AV, ASPM, URLF, APCTL, IA Web UI Web UI & central Security Central Security Web UI & central Security Deployment Standalone Standalone & distributed Distributed Standalone & distributed High Availability None Active-Passive

Large Scale SMP (Security Portal) SmartProvisioning Q. Does this replace the Series 80 Appliance? A. Yes. Q. Does this replace the UTM-1 Edge and Safe@Office Appliances? A. No. The 1100 Appliance is targeted for enterprises with remote branch offices, where the UTM-1 Edge and Safe@Office Appliances are targeted for small businesses. However, there may be some interest in this product from the small business market segment. Q. I recently purchased a Series 80 Appliance; can I upgrade the image to get the functionality of the 1100 Appliance? A. Yes. Upgrade the license as well to benefit from Software Blades introduced with the 1100 Appliance, e.g. Identity Awareness and Application Control. Ordering Information: Q. What bundled software blade SKUs are available? A. Two are available for the 1120 model; one with Firewall and VPN and the other with Threat Prevention. The 1140 and 1180 models are available in the Threat Prevention bundle only. Q. Can I buy the 1120 Appliance Firewall package and then add additional blades? A. Yes, you can add Threat Prevention package to the 1120 Appliance. Q. I purchased an 1120 Appliance. Can I upgrade to an 1140 or 1180 Appliance? A. Yes. Q. I purchased a Threat Prevention package. Can I add additional Software Blades? A. This isn t needed as all available Threat Prevention Software Blade licenses are included in the Threat Prevention package. Q. Do I have to renew the Threat Prevention blades to get updated signatures? A. Yes. The service blades are for 1 year, two or three years. When this period ends, they must be renewed to get updates. Q. Is it possible to house 1100 Appliances side-by-side on a 19 wide rack? A. Yes, the system has been designed to accommodate this and we will add the rack mount kit accessory to the price list shortly. Q. Can I add the Advanced Networking & Clustering blade to the 1100 appliance? A. The Advanced Networking & Clustering is included. Q. Does the 1100 appliance support dynamic routing? A. Yes. Q. Will DLP and Anti-Bot be supported on the 1100? A. Anti-Bot support is on the roadmap. Currently there is no target date for DLP support.

Q. What ADSL type is available? A. ADSL2 Annex A (POTS) and ADSL2 Annex B (ISDN). Q. What are the differences between the Wi-Fi-FCCA and Wi-Fi-WORLD SKUs and which should I order? A. The FCCA SKU is for the United States. The WORLD SKU is for the rest of the world. Technology: Q. Is a management hotfix needed to manage the 1100 Appliance? A. Yes, initially for some features. See the 1100 Appliance page on the Check Point Support website for more information. The Security Server versions that operate with Check Point 1100 Appliance are versions R75.46, R76 and higher. Q. Why is the connection to the Check Point management server called asynchronous for the 1100 appliance? A. It is possible to first define the 1100 gateway on the management server without having to first establish connection between the two. This includes installing the policies on the management server even before the Series 80 gateway is actually deployed. At this point the policy is in pending mode waiting for the 1100 to pull it once it comes online. This is why we call the process asynchronous. Subsequently, periodic fetching of security policies can be done by the 1100 Appliances, in addition to standard policy push which can be set up from the management server. Q. Does the 1100 appliance support local management? A. Yes. A simplified web-based interface for local management is available. See the Administration Guide and Release Notes for more details. Q. Is GAiA the OS running on the 1100 appliance? A. Yes. But, it is an embedded version of it to allow it to run on the smaller footprint of processing power and memory. Q. Are all the standard security features in R75.20 supported on the 1100 appliance? A. Not all. For instance DLP and HTTPS inspection are not supported. Please refer to the Release Notes for updates on features and functions. Q. What is the difference in the high availability feature between the 1100 and the UTM-1 Edge appliance? A. The 1100 appliance supports full system level high availability set up between two systems in activepassive mode using Check Point ClusterXL technologies. The UTM-1 Edge appliance allows two or more systems to be set up in a chain. Each UTM device then works in a master-slave mode to send their internet (WAN) bound traffic to the master system via the Ethernet port connecting the two appliances. In the event the slave appliance loses its own WAN connection, this master-slave set up provides for a back-up. Q. Is it possible to implement ISP Redundancy on the 1100? A. Yes, an Ethernet network interface, a 3G connection using an Express Card/USB modem or a serial connection with USB or serial modem may be used to set up ISP redundancy. Q. Is SSL VPN supported on the 1100 appliance? A. Yes. The Appliance includes a Mobile Access license for 5 users. A Mobile Access license for more users is available.

Q. What remote access clients are supported? A. These clients are supported in the GA release in April: SecureClient (all versions). The 1100 Appliance does not, however, run a Policy Server. (It will work with a multi-gateway site, where another gateway is the Policy Server.) SNX (Network Mode only) L2TP (running on Windows, ios, and Mac OS X) This client support is on the roadmap: Endpoint Connect (all versions except "Endpoint Security VPN") Q. Does the concept of security servers exist in the 1100 appliance? A. No, all protections that required the concept of security servers are now supported natively in the kernel. Q. Is there any difference in the UTM functions running on 2012 Model Appliances in comparison to the 1100 appliance? A. There are a few differences. AV support is based on Stream mode only. Proactive mode is not supported. Email Security is based on IP Reputation only. Content based Anti-Spam is not supported. Please refer to the user documentation for additional details. Q. Do the 1100 Appliances support IPv6? A. IPv6 is not supported in the GA release in April. Support for IPv6 is on the roadmap. Q. What appliance configuration can be set with the USB deployment? A. The hostname, interface configuration, time zone, ntp (Network Time Protocol) configuration, SIC (Secure Internal Communication) password, Security address and the administrator user password. Q. Is the Monitoring Blade supported on the 1100 Appliance? A. When centrally managed, the 1100 Appliances are monitored like any other gateway using the Monitoring Software Blade. Q. What monitoring and tools are available in the Local Web UI? A. Security and system logs, CPU, memory and disk usage, routing, DNS lookups, ping, traceroute, packet capture and a cpinfo to provide system diagnostics to Check Point support. Q. Does the device support SNMP? A. Yes, SNMP v1/v2/v3 and sending SNMP traps. SNMP Traps settings can also be centrally managed using the Security Server using the thresholds_config utility. Q. What network connection types are available? A. Static IP, DHCP, PPPoE, PPTP, L2TP, bridge or layer 2, 3G cellular or analog modem and ADSL. Q. What DHCP options are supported? A. DNS server, default gateway, WINS, time servers, call manager, TFTP server, TFTP boot file, X-Windows display manager, Avaya IP phone, Nortel IP phone, Thomson IP phone and custom. Q. Is Hotspot captive web portal supported?

A. Yes, when enabled any user browsing from the configured interfaces will be directed to a Hotspot portal. Q. What authentication methods does the 1100 Appliance support for administrative and captive portal access? A. Users and groups that are locally defined or are defined on a remote RADIUS or Active Directory server. Hardware: Q. Can the 8 LAN ports be set up as a switch? A. Yes and they can also be set up as multiple switched groups. All of the 8 ports do not have to belong to the same group. Configuring up to 4 distinct switch groups is possible. Q. Are there any moving parts in the 1100 Appliance? A. No. There is no fan or hard disk drive, which results in a very quiet desktop security appliance. Q. Can I use the rack mount kit for just one 1100 appliance that I want housed in my rack? A. Yes. Middle mount is provided for just one appliance. Refer to the instructions in the rack mount kit for additional details. Performance: Q. What are the published performance numbers for the 1100 Appliance family? A. The performance results using just one any-any firewall policy is as follows. See the datasheet for more information. 1120 1140 1180 Recommended Users Up to 10 Up to 25 Up to 50 Firewall, 1518 byte UDP (Mbps) 750 1,000 1,500 VPN, AES-128 (Mbps) 140 175 220 Q. When customers exceed the recommended users limit, what will happen? For instance the 1120 is recommended for 10 users, so will the 11 th or 12 th user be blocked? A. No, this is a recommended number of users based upon the appliance performance capabilities and customer requirements for performance. Q. One user may generate a lot of traffic and exceed the recommended performance limit of the appliance. When the bandwidth limit is reached what will happen? Will connections still be allowed? A. Connections will still be allowed, but slower connection speeds may be noticed until the overall bandwidth drops.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback