Checkpoint Firewall-1 - An advanced firewall for network security
Checkpoint Firewall-1 is one of the advanced firewalls used for security solutions like password managers and security apps. This article covers how it works, its features and its price.
Checkpoint Firewall-1 is used in many high-end security solutions like password managers and security apps. Versions of the firewall run on Windows NT and other operating systems.
Every system administrator will swear by Checkpoint Firewall-1. A survey revealed that it is one of the best-selling firewalls in the world. Firewall-1 is basically a policy-based stateful inspection filter which comes with an integrated Network Address Translator (NAT) and a set of non-integrated, protocol-specific security filters. A stateful inspection filter adds security to packet filtering without the overhead of a proxy server.
How does a stateful inspection filter work?
The original data packets move on to the network after passing a series of tests applied by the inspector module. If any deformation in a packet remains undetected, the packet passes through without being modified by the firewall module. Thus, these pass/fail checks are not foolproof. Stateful inspection filters make these tests more rigorous. These filters are a middle ground between application proxies and simple packet filters. They keep details of each connection. However, they lack the ability to monitor the internal content of some protocols. They can only perform a cursory examination of the information at the TCP layer.
How is the Checkpoint Firewall-1 filter highly secure?
Salient features
Support for high speed networks
Performance is paramount in high-speed networks. Firewall-1 is specifically designed to support such networks. With the support of this firewall, companies use proxy servers in their networks to enhance internal security on low-speed links.
Policy based management
To make the configuration simpler to view and manage, Firewall-1 allows users to create protocol definitions, or objects. These objects associate a name with a set of protocol identifiers like IP protocol type and port number. This makes it easier for the user to understand the configuration of the firewall and reduces mistakes as well.
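The connection tracking described under stateful inspection and the named objects described above, combined in an added example that is not Check Point's code. The service names, host names and first-match rule order are assumptions made for illustration.

```python
from dataclasses import dataclass

# Named service objects: a name bound to (IP protocol, destination port).
# Names and values are constructed for illustration.
SERVICES = {"http": ("tcp", 80), "dns": ("udp", 53)}

# Rule base read top-down, first match wins: (source, destination, service, action).
# "any" is a wildcard; the host names are hypothetical.
RULES = [
    ("intranet", "webserver", "http", "accept"),
    ("intranet", "resolver", "dns", "accept"),
    ("any", "any", "any", "drop"),
]

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: str = ""  # TCP flags: "S" = SYN, "A" = ACK, "SA" = SYN+ACK

def match_rule(pkt):
    """Stateless check: action of the first rule matching addresses and service."""
    for src, dst, svc, action in RULES:
        if src not in ("any", pkt.src) or dst not in ("any", pkt.dst):
            continue
        if svc == "any" or SERVICES[svc] == (pkt.proto, pkt.dport):
            return action
    return "drop"

class StatefulFilter:
    def __init__(self):
        self.connections = set()  # state table of accepted flows

    def inspect(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        # Packets of a tracked connection pass in either direction.
        if key in self.connections or reverse in self.connections:
            return "accept"
        # A TCP packet with no state entry must be an opening SYN, even when
        # the rule base alone would accept its addresses and port.
        if pkt.proto == "tcp" and pkt.flags != "S":
            return "drop"
        action = match_rule(pkt)
        if action == "accept":
            self.connections.add(key)
        return action
```

A bare ACK to an allowed service passes `match_rule` on its own but is dropped by `StatefulFilter.inspect`, which is the difference the connection table makes over a simple packet filter.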
Automatic address translation
When an object is defined, address translation mode is assigned to it. Once this is done, address translation rules are automatically generated for each case where an object is used. Objects are thus handled individually. Note that if the user wants, rules can be modified as well.
Client/server management
From a centralized set of management consoles, users can control multiple firewall modules. UNIX, NT computers or commercial routers like ones from Cisco or Bay Networks are needed to run firewall modules.
Firewall module synchronization
If one of two firewalls running on the same connection fails, the other connections are not affected. This feature helps in load-balancing across firewalls.
Interface view
The GUI of Firewall-1 is very easy to understand. As you can see in the image below, the first rule says that if the packet is from 'any' source, the destination is 'monk' and the services are 'any', reject the packet and alert the network administrator. The rule-based interface creates different levels of security for different groups. Users can create their own address translation rules.
Services & Pricing
The price of the basic 25-user firewall is around $2000. The single gateway product supports only a limited number of users and is suitable for small businesses with fewer IP addresses. The gateway and the console are installed on one desktop.
The RealSecure VPN and remote authentication module costs around $100 per additional user. It protects an unlimited number of internal hosts and is suitable for large organizations.
Firewall-1 has some of the best online documentation in the business. Everything from theory to application is explained in detail with examples. This is especially good for new network administrators with little prior experience. However, if you still need telephone technical support, Checkpoint charges $400 per incident, which is way too much. And in this paid telephone conversation, a solution to your problem is not even guaranteed.