Check Point VPN-1 Virtual Edition - Next Generation
TRANSCRIPT
![Page 1: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/1.jpg)
©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone
Check Point Simplifies Cloud Security
August 31, 2010
![Page 2: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/2.jpg)
Agenda
1 Customer Challenges
2 Solution Overview
3 Use Cases
4 Packaging and Pricing
5 Summary
![Page 3: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/3.jpg)
Server Virtualization Market Trends
► By 2012 half of the enterprise workload will be virtualized
► 60% of IT Managers claim securing virtual machines is difficult
Organizations with virtualized environments are asking for a simple solution to secure the Virtual Machines.
![Page 4: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/4.jpg)
Virtualization Security Challenges
Inspect traffic between Virtual Machines (VMs)
Secure new Virtual Machines automatically
Protection from external threats
Security Challenges in Virtual Environments
![Page 5: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/5.jpg)
Virtualization Security Challenges
Security Challenges in Virtual Environments
[Diagram: three VMs on a hypervisor]
![Page 6: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/6.jpg)
Virtualization Security Challenges
Security Challenges in Virtual Environments (Data Center/Cloud)
Maintain zero-downtime during Virtual Machines live migration
Ensure Security in dynamic environments
![Page 7: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/7.jpg)
Deployments before VMsafe integration
[Diagram labels: VMs 2.1.1.1 to 2.1.1.5, vSwitch, Ext, GW, Pkt]
Gateway is not aware of inter-vSwitch traffic
Packets not inspected inside vSwitch
![Page 8: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/8.jpg)
Introducing Check Point Security Gateway Virtual Edition (VE)
Unified Management for Physical and Virtual
Best Virtual Security Gateway with the Software Blade Architecture
Securing the Virtual Machines
Check Point Delivers Plug and Play Security for Public and Private Clouds
Starting at $2,000
Software Blades
Check Point Security Gateway
Virtual Edition
![Page 9: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/9.jpg)
Secure the Virtual Infrastructure
Inter-VM Traffic Inspection Protects Virtual Machines
► Seamless security within the Hypervisor
► Integration with VMsafe technology
► Audit configuration changes in the virtualization system
[Diagram labels: VM, VM, VE, Hypervisor Connector, Hypervisor]
![Page 10: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/10.jpg)
Security Gateway VE with VMsafe
Complete integration and awareness of VMware - VMotion, Storage VMotion, HA and others
Protects VMs with inter-vSwitch inspection
[Diagram labels: Check Point VE Security Gateway, Internet vSwitch, Internal vSwitch, NIC Teams, VMware ESX, VM (Database Servers), VM (Application Servers), VM (Web Servers), Cardholder data, Internet, Service Console, Production LAN, Management LAN, VMware vCenter, Check Point UTM-1 Security Gateway]
![Page 11: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/11.jpg)
Virtual Edition Features
Best Security
► Include Firewall, IPS, VPN and all other Software Blades.
► Flexible and extensible security
[Diagram labels: Check Point Security Gateway Virtual Edition (VE), Software Blades (Firewall, VPN, IPS, Antivirus), VM, VM, VE, Hypervisor Connector, Hypervisor]
![Page 12: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/12.jpg)
Virtual Edition Features
Inspecting Inter-VM Traffic
VMs Protection
► Plug and Play with no topology changes
► Securing new VMs automatically
► Zero-downtime during VMs live migration
Best Security
► Include Firewall, IPS, VPN and all other Software Blades.
► Flexible and extensible security
[Diagram labels: VM, VM, VE, VM, VM, Hypervisor Connector, Hypervisor]
![Page 13: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/13.jpg)
Virtual Edition Features
Securing Dynamic Environments
VMs Protection
► Plug and Play with no topology changes
► Securing new VMs automatically
► Zero-downtime during VMs live migration
Best Security
► Include Firewall, IPS, VPN and all other Software Blades.
► Flexible and extensible security
[Diagram labels: VM, VM, VE, Hypervisor Connector, Hypervisor]
![Page 14: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/14.jpg)
Virtual Edition Features
Unified Management
► Same management for Physical and Virtual
► Running the management blades on a Virtual Machine
Best Security
► Include Firewall, IPS, VPN and all other Software Blades.
► Flexible and extensible security
VMs Protection
► Plug and Play with no topology changes
► Securing new VMs automatically
► Zero-downtime during VMs live migration
![Page 15: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/15.jpg)
Virtual Edition Features
Virtualizing the Management Systems
Unified Management
► Same management for Physical and Virtual
► Running the management blades on a Virtual Machine
Best Security
► Include Firewall, IPS, VPN and all other Software Blades.
► Flexible and extensible security
VMs Protection
► Plug and Play with no topology changes
► Securing new VMs automatically
► Zero-downtime during VMs live migration
[Diagram labels: VM, VM, Hypervisor Connector, Hypervisor]
![Page 16: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/16.jpg)
Layer 2 security packet flow
[Diagram labels: ESX Server, VMs 2.1.1.1 to 2.1.1.5 each with an Agent, vSwitch, Security API, VE, Pkt]
► 2.1.1.1 sends packet to 2.1.1.3
► Packet intercepted in the Agent and forwarded to the Gateway for inspection
► Packet passed firewall inspection and is sent back to the Agent
► Packet continues the flow from where it was intercepted
► Packet is not inspected again
![Page 17: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/17.jpg)
Layer 2 security in dynamic environments
[Diagram labels: ESX 1 and ESX 2, each with Security API, vSwitch, VE, Ext and Agents; VMs 2.1.1.1, 2.1.1.2, 2.1.1.3; Sync; Pkt]
Connection initiated from 2.1.1.1 to 2.1.1.3
![Page 18: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/18.jpg)
Layer 2 security in dynamic environments
[Diagram labels: ESX 1 and ESX 2, each with Security API, vSwitch, SG VE, Ext and Agents; VMs 2.1.1.1, 2.1.1.2, 2.1.1.3; Sync]
VM is migrating to ESX 2
Connections related with 2.1.1.3 will be marked that they are handled by ESX 1
![Page 19: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/19.jpg)
Layer 2 security in dynamic environments
[Diagram labels: ESX 1 and ESX 2, each with Security API, vSwitch, VE, Ext and Agents; VMs 2.1.1.1, 2.1.1.2, 2.1.1.3; Sync; Pkt]
Callouts: New connection; Existing connection; Packet not forwarded; Packet forwarded to ESX 1
![Page 20: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/20.jpg)
Anti-spoofing illustration
[Diagram labels: VMs 2.1.1.1 to 2.1.1.5 each with an Agent, vSwitch, Security API, VE]
VM 2.1.1.5 tries to spoof with VM 2.1.1.1 IP
Packet dropped
![Page 21: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/21.jpg)
Easy Deployment
Standard Open Virtualization Format (OVF) virtual appliance
Secure virtual environment by installing a virtual appliance
![Page 22: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/22.jpg)
Deployment - Layer 2 mode
Automatic - No network changes required
► Protects all Virtual Machines on the ESX host
► Attaches fast path agent to all virtual NICs on the ESX host
► Creates new vSwitch named _cp_private_vswitch
► Creates new port group named _cp_private
► Connects Security Gateway VE to _cp_private port group
![Page 23: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/23.jpg)
Installation automation
Seamless security for dynamic environments
[Diagram labels: ESX Server, VM 1 to VM 5 each with an Agent, vSwitch, Security API, SG VE, External Switch (Ext), Service Console]
► VE installed
► VE retrieves information on VMs/Port groups/vSwitches
► Event sent to VE informing of new VMs
► VE attaches the Fast Path Agents on the vNICs of the new VMs
![Page 24: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/24.jpg)
Flexible Virtual Machine security
The Fast Path Agent configuration options
► Bypass: Pass the packet without inspection
► Secure: Forward the packet to security gateway
► Block: Drop the packet
► Monitor-only: Inspects and logs packets that would have been dropped
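A toy model of the four Fast Path Agent options on this slide, combined with the Layer 2 packet flow from the earlier slide (intercept at the agent, inspect once in the gateway, resume the flow). This is an added illustration, not Check Point code; the `Packet` fields, the `Gateway` rule and the `inspected` marker are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Mode(Enum):                      # the four options named on the slide
    BYPASS = "bypass"
    SECURE = "secure"
    BLOCK = "block"
    MONITOR_ONLY = "monitor-only"

@dataclass
class Packet:                          # constructed fields, not a wire format
    src: str
    dst: str
    dport: int
    inspected: bool = False            # assumption: set once the gateway passes it

class Gateway:
    """Stand-in for the security gateway; the rule below is hypothetical."""
    def __init__(self):
        self.inspections = 0

    def inspect(self, pkt):
        self.inspections += 1
        return pkt.dst == "2.1.1.3" and pkt.dport in (80, 443)

@dataclass
class Agent:
    """Per-vNIC agent deciding what happens to an intercepted packet."""
    mode: Mode
    gw: Gateway
    log: list = field(default_factory=list)

    def handle(self, pkt):
        if self.mode is Mode.BLOCK:
            return "drop"
        if self.mode is Mode.BYPASS or pkt.inspected:
            return "pass"              # exempt, or already passed inspection
        if self.gw.inspect(pkt):       # forwarded to the gateway
            pkt.inspected = True       # flow resumes; later agents skip it
            return "pass"
        if self.mode is Mode.MONITOR_ONLY:
            self.log.append(f"would-drop {pkt.src}->{pkt.dst}:{pkt.dport}")
            return "pass"
        return "drop"

def deliver(pkt, src_agent, dst_agent):
    """Inter-VM delivery crosses the sender's agent, then the receiver's."""
    for agent in (src_agent, dst_agent):
        if agent.handle(pkt) == "drop":
            return "drop"
    return "pass"
```

With both vNICs in Secure mode, an allowed inter-VM packet reaches the gateway once even though it crosses two agents; in Monitor-only mode a denied packet is still delivered and leaves a log entry.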
![Page 25: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/25.jpg)
Single security management
Unified administration of physical and virtualized environments
Single console to manage all firewall rules
Single console for IPS
![Page 26: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/26.jpg)
Integration of ESX logs
VMware ESX Server logs
Logging and auditing of virtualization events
ESX logs integrated into Check Point management
![Page 27: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/27.jpg)
Virtualized Security Scenarios
Office in a Box: Use Security Gateway Virtual Edition (VE) with firewall, IPS, VPN and Software Blade to secure your office networks and assets
Enterprise Security Gateways: Consolidate your Security Gateways deployment into a virtualized environment
Secure the Virtual Environment: Use Security Gateway Virtual Edition to apply granular firewall and IPS policies for inter-VM traffic
[Diagram labels: VE, Hypervisor, Hypervisor Connector]
![Page 28: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/28.jpg)
Software Blades for Virtual Systems
New containers for Security Gateway VE
SGVExxxx
Firewall with integrated Hypervisor protection
Based on number of physical cores
From $2000
GA: Sep 2010
Optional: Additional Software Blades can be added A-La-Carte
![Page 29: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/29.jpg)
Pricelist
Secure Gateway Virtual Edition – Containers
The following products are based on the Software Blades architecture

| Security Gateway VE Container | Specifications | Container Price |
| --- | --- | --- |
| SGVE4801 | For Security Gateway VE on a Virtual System with up to 48 cores | $6,000 |
| SGVE1601 | For Security Gateway VE on a Virtual System with up to 16 cores | $3,000 |
| SGVE801 | For Security Gateway VE on a Virtual System with up to 8 cores | $2,000 |

The Firewall blade is included in the Security Gateway container price.
Additional software blades can be added separately.
Gateways are licensed based on number of available physical cores.
![Page 30: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/30.jpg)
Summary
Unified Management for Physical and Virtual
Best Virtual Security Gateway with the Software Blade Architecture
Securing the Virtual Machines
Check Point Delivers Plug and Play Security for Public and Private Clouds
Starting at $2,000
Software Blades
Check Point Security Gateway
Virtual Edition
![Page 31: Check Point VPN-1 Virtual Edition - Next Generation](https://reader033.vdocuments.mx/reader033/viewer/2022052418/587f27fe1a28ab121d8b4697/html5/thumbnails/31.jpg)
Thank You!