
Check Point Firewall Administration R81.10+: A practical guide to Check Point firewall deployment and administration
Ebook, 963 pages, 6 hours

About this ebook

Check Point firewalls are the premiere firewalls, access control, and threat prevention appliances for physical and virtual infrastructures. With Check Point’s superior security, administrators can help maintain confidentiality, integrity, and the availability of their resources protected by firewalls and threat prevention devices. This hands-on guide covers everything you need to be fluent in using Check Point firewalls for your operations.
This book familiarizes you with Check Point firewalls and their most common implementation scenarios, showing you how to deploy them from scratch. You will begin by following the deployment and configuration of Check Point products and advance to their administration for an organization. Once you’ve learned how to plan, prepare, and implement Check Point infrastructure components and grasped the fundamental principles of their operation, you’ll be guided through the creation and modification of access control policies of increasing complexity, as well as the inclusion of additional features. To run your routine operations infallibly, you’ll also learn how to monitor security logs and dashboards. Generating reports detailing current or historical traffic patterns and security incidents is also covered.
By the end of this book, you'll have gained the knowledge necessary to implement and comfortably operate Check Point firewalls.

Language: English

Release date: Aug 29, 2022

ISBN: 9781801077149

    Book preview

    Check Point Firewall Administration R81.10+ - Vladimir Yakovlev

    BIRMINGHAM—MUMBAI

    Check Point Firewall Administration R81.10+

    Copyright © 2022 Packt Publishing

    All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

    Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

    Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

    Group Product Manager: Vijin Boricha

    Publishing Product Manager: Preet Ahuja

    Senior Editor: Shazeen Iqbal

    Content Development Editor: Romy Dias

    Technical Editor: Shruthi Shetty

    Copy Editor: Safis Editing

    Project Coordinator: Ashwin Dinesh Kharwa

    Proofreader: Safis Editing

    Indexer: Manju Arasan

    Production Designer: Nilesh Mohite

    Senior Marketing Coordinator: Hemangi Lotlikar

    First published: August 2022

    Production reference: 1040822

    Published by Packt Publishing Ltd.

    Livery Place

    35 Livery Street

    Birmingham

    B3 2PB, UK.

    ISBN 978-1-80107-271-7

    www.packt.com

    To my parents. It’s all your fault 😊

    Foreword

    One of my colleagues recently told me that no matter when you get into an industry, you’re always getting in on the ground floor of something. For me, that something ended up being the early days of Check Point FireWall-1, and what ultimately became the cyber security industry.

    I’ve seen Check Point’s various products and services grow and change over the last 26 years. I’ve helped a lot of people make the best use of Check Point products, both directly and indirectly, including writing my own Check Point books in the early 2000s. While a lot has changed since, including Check Point’s corporate logo, the core philosophy behind every Check Point product and service has not.

    These days, you need a lot more than just network firewalls to Secure Your Everything. Even so, firewalls still play a critical role in most environments by defining boundaries between both private and public networks, enabling controlled access to network resources, blocking malicious content, and preventing both data exfiltration and the unauthorized use of systems.

    In the 20 years since Essential Check Point FireWall-1 NG was published, I’ve been asked numerous times if I was going to write another book on Check Point firewalls. If I were going to do so, I’d probably take the approach that Vladimir has taken in this book. There are concise explanations of the essential features of the Check Point Quantum Security Gateway and Management products, along with step-by-step instructions and annotated screenshots!

    If you’re just getting started with deploying Check Point Quantum Security Gateways, or you’re trying to refresh your knowledge, this book is a great place to start. There’s also CheckMates (https://community.checkpoint.com), Check Point’s official cyber security community, which is full of additional learning resources and discussions to help those who want to continue their learning on Check Point after finishing this book.

    Dameon D. Welch (a.k.a. PhoneBoy) Cyber Security Evangelist Check Point Software Technologies, Ltd.

    Contributors

    About the author

    Vladimir Yakovlev, CISSP, is an infrastructure and security solutions architect and CTO at Higher Intelligence LLC., with over 20 years of Check Point experience.

    He is recognized as a champion in the ISC2 and Check Point CheckMates communities and has been awarded Member of the Year and Contributor of the Year designations by peers, while also speaking at regional and international conferences.

    Vladimir has previously held the roles of Sr. V.P. of Technology and CISO, responsible for the design, implementation, and operation of multiple iterations of secure and resilient infrastructures in the financial industry.

    He enjoys helping others in the field of cybersecurity and can often be found in the CheckMates, LinkedIn, and ISC2 communities.

    This project wouldn’t have happened without the encouragement and help from two authors of previous books dedicated to Check Point: Dameon D. Welch (a.k.a. PhoneBoy), my Technical Reviewer, and Timothy Hall, who went above and beyond in engaging with me in deep-dives on a multitude of subjects and sanity checks. Thank you both!

    Huge thanks to all members of the Packt editing team and, especially, Romy Dias.

    Last but not least, to my family, who tolerated my virtual absence for a year, and, specifically, to my son, Sam Yakovlev. He was (against his will) subjected to the first technical reading of this book, and is mainly responsible for defending the dignity of the English language (and the Oxford comma) from me.

    About the reviewer

    Dameon D. Welch, widely known as PhoneBoy, is a Cyber Security Evangelist for Check Point Software Technologies. He is the public face of CheckMates, the Check Point cyber security community.

    A recognized industry security veteran, with more than two decades of experience, Welch is best known for his creation of the PhoneBoy FireWall-1 FAQ in the mid-1990s. It was used by Check Point and thousands of its customers worldwide. He is also the author of Essential Check Point FireWall-1 NG: An Installation, Configuration, and Troubleshooting Guide.

    I’d like to thank everyone who has supported and encouraged me over the years.

    Table of Contents

    Preface

    Part 1: Introduction to Check Point, Network Topology, and Firewalls in Your Infrastructure and Lab

    Chapter 1: Introduction to Check Point Firewalls and Threat Prevention Products

    Technical requirements

    Learning about Check Point's history and the current state of the technology

    In the beginning, there was FireWall-1

    Check Point today

    Understanding the Check Point product lineup and coverage

    Introducing the Unified Management concepts and the advantages of security product consolidation

    Familiarization with the Security Management Architecture (SMART)

    Determining how we learn

    Navigating the Check Point User Center

    Summary

    Further reading

    Chapter 2: Common Deployment Scenarios and Network Segmentation

    Understanding your network topology

    Common topology scenarios and exercises

    Learning about network segmentation

    User network segmentation

    North-South and East-West

    Protecting the core

    Protecting the perimeter

    Sizing appliances for new implementations and determining load on current systems

    Summary

    Further reading

    Chapter 3: Building a Check Point Lab Environment – Part 1

    Technical requirements

    Lab topology and components

    Lab topology

    Lab components

    Downloading the prerequisites

    Downloading Oracle VirtualBox and the VirtualBox extension pack

    Downloading the Windows Server ISO

    Installing Oracle VirtualBox

    Installing the VirtualBox extension pack

    Deploying the VyOS router

    Summary

    Chapter 4: Building a Check Point Lab Environment – Part 2

    Technical requirements

    Creating a Windows base VM

    Creating a Windows Server base VM in the GUI

    Windows Server base image scripted

    Finalizing the Windows Server base VM installation

    Creating a Check Point base VM

    Check Point base image scripted

    Finalizing the Check Point base VM installation

    Creating linked clones

    Preparing cloned Windows hosts

    Preparing cloned Check Point hosts

    Summary

    Part 2: Introduction to Gaia, Check Point Management Interfaces, Objects, and NAT

    Chapter 5: Gaia OS, the First Time Configuration Wizard, and an Introduction to the Gaia Portal (WebUI)

    Technical requirements

    Learning about Gaia's roots – a historical note

    Using the First Time Configuration Wizard

    Using the FTW for the primary management server

    First Time Configuration Wizard for gateways

    First-time configuration using the CLI

    Rerunning the FTW

    Introduction to the Gaia Portal (WebUI)

    Toolbar

    Navigation tree

    Widgets and status bar

    Summary

    Chapter 6: Check Point Gaia Command-Line Interface; Backup and Recovery Methods; CPUSE

    Learning about the Check Point Gaia CLI

    Introduction to Expert mode

    Configuring Gaia using CLISH

    Saving Gaia configuration, backups, snapshots, and migration tools

    Gaia OS-level configuration backup

    System backup

    Snapshots

    Server migration tools

    Saving and loading the configuration

    Saving the configuration to a file

    Loading the configuration

    Offline configuration editing and comparison

    Using CPUSE

    CPUSE in WebUI

    CPUSE in the CLI

    CPUSE in offline mode

    Summary

    Chapter 7: SmartConsole – Familiarization and Navigation

    Technical requirements

    Introduction to the SmartConsole application and Demo Mode

    Installing the SmartConsole application

    Initializing Demo Mode

    SmartConsole components, capabilities, and navigation

    Global toolbar

    Session management toolbar

    Objects bar and the Validations and Session panes

    Logged-in administrator's pending changes or publish status

    Management server(s) status and actions

    Task information area

    The WHAT'S NEW popup recall and management script CLI and API

    Summary

    Chapter 8: Introduction to Policies, Layers, and Rules

    Access Control policies, layers, and rules

    Policies

    Layers

    Rules

    Packet flows and acceleration

    Inspection chains

    Content inspection

    Best practices for Access Control rules

    Threat prevention exemptions

    Column-based matching

    APCL/URLF layer structure

    Actions and user interactions (UserCheck)

    Content Awareness

    Logs, tracking depth, and oddities

    Oddities – CPEarlyDrop and insufficient data passed

    Summary

    Chapter 9: Working with Objects – ICA, SIC, Managed, Static, and Variable Objects

    Working with objects

    Object categories

    Static and variable object categories

    Introduction to Internal Certificate Authority and Secure Internal Communication

    Internal Certificate Authority

    Secure Internal Communication

    Gateways and servers

    Activation keys

    Creating a gateway cluster

    Anti-Spoofing

    Creating networks and Host objects

    Networks

    Hosts

    Variable objects

    Dynamic objects

    Zones (conditional)

    Domains

    Updatable objects

    Access roles

    Variable objects in DevOps and DevSecOps

    Summary

    Chapter 10: Working with Network Address Translation

    The need for NAT

    NAT policies, rules, and processing orders

    Automatic NAT

    Automatic static NAT

    Automatic dynamic NAT

    Preventing unnecessary NAT

    When NAT is not enough

    Many-to-less

    Manual static NAT

    NAT pools

    Bells and whistles

    NAT logging

    Summary

    Part 3: Introduction to Practical Administration for Achieving Common Objectives

    Chapter 11: Building Your First Policy

    Defining the access control policy structure

    Creating rules for the firewall/networking layer

    Defining hosts for broadcast addresses

    Creating rules for DHCP traffic

    Configuring rules for noise suppression

    Configuring rules for core services

    Configuring rules for privileged access

    Rules that have corresponding entries with an empty threat prevention profile

    Configuring internal access rules

    Configuring DMZ access rules

    Configuring rules for access to updatable objects

    Configuring rules for probes

    Non-optimized rules

    Creating the APCL/URLF layer and rules

    Enabling APCL/URLF in the properties of the cluster

    Creating an outbound CA certificate for HTTPS inspection and enabling HTTPS Inspection in the properties of the cluster

    Configuring the HTTPS Inspection policy

    Distributing and installing the outbound CA and ICA certificates to the client machines

    Changing the website categorization to Hold mode

    Using Identity Awareness and access roles

    Preparing Active Directory for integration with Identity Awareness

    Enabling Identity Awareness and browser-based authentication

    Creating and using access roles

    Testing access role-based rules

    Summary

    Chapter 12: Configuring Site-to-Site and Remote Access VPNs

    An introduction to site-to-site VPN capabilities

    Configuring a remote gateway and creating its policy

    Building a site-to-site VPN using gateways managed by the same management server

    Star community – To center only

    Star community – To center or through the center to other satellites, to Internet and other VPN targets

    Changing portals’ URLs and renewing a gateway cluster certificate

    An introduction to Check Point remote access VPN solutions

    Configuring a remote access IPSec VPN

    Cloning a policy

    Creating local user templates, groups, users, and access roles

    Configuring a gateway or cluster for remote access

    Configuring global properties for remote access

    Configuring a VPN community for remote access

    Configuring access control policy rules for remote access

    Configuring a DHCP server for a remote access Office Mode IP range

    Preparing remote client

    Testing a remote access VPN

    Summary

    Chapter 13: Introduction to Logging and SmartEvent

    Logging into a single security domain

    Configuring logging on gateways or clusters

    Security management servers or log servers

    Logging with management high availability or log servers

    Strategies for the effective use of management high availability and log servers

    Smart-1 Cloud

    Introduction to SmartEvent

    Initial configuration

    Views

    Events

    Security incidents

    Reports

    Automatic reactions

    Summary

    Chapter 14: Working with ClusterXL High Availability

    ClusterXL in HA mode

    Virtual MAC

    Cluster member priority

    Network interfaces

    Critical devices

    Cluster Control Protocol, Full Sync, and routing synchronization

    Cluster member states

    Failover

    Edge cases

    Recovery

    ClusterXL HA failover simulations

    Manual failover test

    Catastrophic failure and recovery simulation

    Conclusion

    Alternative preferred HA options

    Summary

    Chapter 15: Performing Basic Troubleshooting

    Troubleshooting constraints and your actions

    Typical issues and the tools to solve them

    Troubleshooting prerequisites

    Stability issue troubleshooting example

    Troubleshooting intermittent issues

    Troubleshooting connectivity issues

    Service Requests – getting them right every time

    TAC and JHFAs

    Community resources and engagements

    Postmortems and lessons learned

    Summary

    Appendix: Licensing

    Licensing

    Containers and blades

    Licensing for gateways

    Licensing for management servers

    Central and local licenses

    License activation

    Offline activation

    Licensing options for hardware appliances

    Evaluation licenses for the lab

    SmartUpdate and additional information

    Other Books You May Enjoy

    Preface

    Check Point Firewall Administration R81.10+ was written to help security administrators develop the necessary skills for effective deployment and operation of Check Point firewalls or high-availability clusters to improve network segmentation, configure site-to-site or remote access VPNs, and implement airtight access control policies.

    Who this book is for

    This book is for those new to Check Point firewalls or those who are catching up to the current R81.10+ releases. Although intended for information/cybersecurity professionals with some experience in network or IT infrastructure security, it may also be helpful for IT professionals looking to shift their career focus to cybersecurity. Some familiarity with Linux and bash scripting is a plus.

    It may also be useful for technical decision makers as a tool to take Check Point firewalls for a spin before committing resources to proof of concept or in anticipation of purchasing the product. Your security administrators will be better prepared for Proof of Concept (PoC) or implementation after reading it and building their own lab prior to undertaking formal training and certification.

    What this book covers

    Chapter 1, Introduction to Check Point Firewalls and Threat Prevention Products, covers the evolution of Check Point security products and capabilities, security management architecture, and the creation of a user account to access relevant software and information.

    Chapter 2, Common Deployment Scenarios and Network Segmentation, looks at firewall placement in common network topologies, network segmentation, as well as performance and capacity assessments of existing firewalls.

    Chapter 3, Building a Check Point Lab Environment – Part 1, delves into lab topology, components, software, and resources, as well as the installation of Oracle VirtualBox and the deployment and configuration of a virtual router.

    Chapter 4, Building a Check Point Lab Environment – Part 2, explains creating Windows Server and Check Point base images and creating and preparing linked clones for the rest of the lab components.

    Chapter 5, Gaia OS, the First Time Configuration Wizard, and an Introduction to the Gaia Portal (WebUI), introduces Gaia, the operating system in use by Check Point management servers and gateways. This chapter also covers the First Time Configuration Wizard and Gaia web interface.

    Chapter 6, Check Point Gaia Command-Line Interface; Backup and Recovery Methods; CPUSE, covers accessing and using the Check Point Gaia command-line interface and expert mode shells. Backup and recovery options and Check Point Update Service Engine are also covered.

    Chapter 7, SmartConsole – Familiarization and Navigation, provides a detailed examination of SmartConsole features, components, and capabilities and helps you become comfortable with the Check Point primary management interface.

    Chapter 8, Introduction to Policies, Layers, and Rules, covers policy packages, blades (features) used in Access Control policies, and their use in layers. The chapter also looks at policy organization methods, rules’ structure and capabilities, and their placement based on the packet flows and use of acceleration technology.

    Chapter 9, Working with Objects – ICA, SIC, Managed, Static, and Variable Objects, looks at the Internal Certificate Authority and Secure Internal Communication and how these factor into the creation of other Check Point managed objects. The chapter also looks at creating your first high-availability cluster and the rest of the objects for lab components, learning about different object types and their properties.

    Chapter 10, Working with Network Address Translation, introduces network and port address translation using automatic and manual NAT options. The chapter goes on to look at the use of NAT in object properties, policies, and rules, and additional relevant configuration options, as well as NAT logging and interpretation of NAT log data.

    Chapter 11, Building Your First Policy, defines policy structure while accounting for the most common scenarios likely to be encountered in any infrastructure. The creation of rules and, when necessary, additional objects is also covered, as is expanding a policy’s capabilities and granularity by enabling additional features, rules, and objects.

    Chapter 12, Configuring Site-to-Site and Remote Access VPNs, looks at configuring VPNs for communication with peers, data, or service providers as well as implementing remote access capabilities using Check Point IPSec VPN features. The chapter also looks at utilizing Access Roles for granular remote access.

    Chapter 13, Introduction to Logging and SmartEvent, explains how logging works in Check Point, and how to use different configuration options to best address your infrastructure's logging requirements. The chapter also introduces SmartEvent, which simplifies the work of Check Point administrators by providing enhanced views, reporting capabilities, and automated reactions.

    Chapter 14, Working with ClusterXL High Availability, provides an explanation of the ClusterXL HA mechanism, operating a fault-tolerant cluster, and alternative Check Point offerings for high availability and load sharing.

    Chapter 15, Performing Basic Troubleshooting, looks at troubleshooting constraints and your actions. The chapter introduces typical issue categories, approaches, and tools helpful for solving them. It also looks at initiating and handling service requests with Check Point Technical Assistance Centers. The chapter goes on to detail resources available from, and interaction with, the CheckMates user community.

    Appendix, Licensing, introduces Check Point licensing terminology, specific information for management servers and gateways, and licensing for a lab environment.

    To get the most out of this book

    You will need a Windows 10 or 11 PC with 24-32 GB of RAM and approximately 200 GB of free disk space to replicate the VirtualBox lab environment described in the book. If you are experienced in and prefer to use different virtualization platforms, adapt virtual hardware and networking requirements for the lab to a platform of your choice. All software required for the labs is available in free, trial, or evaluation versions. You will be required to register on some of the vendors’ portals for access to their products.

    Additional software includes VirtualBox, PuTTY, WinSCP, and Notepad++ and you’ll be instructed to install them on relevant physical or virtual hosts throughout the book.

    If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

    If you are using the digital version of this book, I suggest viewing it in two-page, side-by-side format. This will make it easier to process text referencing screenshots, commands, or code on adjacent pages. Alternatively, download the PDF with figures, referenced later in this document, and use it to look up information referenced in the text.

    Download the example code files

    You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Check-Point-Firewall-Administration-R81.10-. If there’s an update to the code, it will be updated in the GitHub repository.

    Download the color images

    We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/ImE2Y.

    Conventions used

    There are a number of text conventions used throughout this book.

    Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, CLI menu choices, commands, and user input. Here is an example: When logged in to CPCM1, execute the command, set expert-password.

    A block of code or sequential uninterrupted commands is set as follows:

    add host name host_test1 ip-address 10.0.0.111
    add host name host_test2 ip-address 10.0.0.112
    add host name host_test3 ip-address 10.0.0.113

    When commands are shown in the context of a particular shell, are interactive, or are combined with step descriptions, they are shown like this:

    # Step 1
    show installer packages recommended
    # Note the Display name of the package you are interested in.
    # Step 2
    show installer package 
    # [press spacebar and then press the Tab key]
    # Note the Num(ber) corresponding to the Display name of the package from step 1.

    Any command-line input or output is written as follows:

    CPXXX> show date
    Date 02/02/2022
    CPXXX> show time
    Time 18:19:17
    $ cd css

    Bold indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: Once the Plugins Admin window is opened, scroll down until you see Compare and check the checkbox.

    Italics indicates either internal or external references, such as "In Chapter 7, SmartConsole – Familiarization and Navigation, we saw how to do that using the management CLI. It is also used to denote a specific keypress, such as press Enter."

    Additionally, italics are used to indicate an emphasis on specifics, such as in the following sentence: "Even though the domain objects are defined, created, and modified in SmartConsole, we must use associated CLI tools on the gateways where the policies containing these objects are installed, and not on the management server."

    [#], [A], and [a] indicate the numerical or letter-based points of interest in figures (screenshots), typically referencing screenshots following the text, unless explicitly noted otherwise, as follows:

    To illustrate how to create additional server objects (also referred to as a Check Point Host object), let’s click on the New icon [1] in the Actions menu of the GATEWAYS & SERVERS view, click More [2], and then click Check Point Host… [3]:

    Sample image showing [] instances

    Keywords are used whenever a new important term is used in the context of the chapter or a section, such as: Access roles are the ultimate tool for the implementation of the zero-trust concept in your environment.

    Tips or Important Notes

    Appear like this.

    Get in touch

    Feedback from our readers is always welcome.

    General feedback: If you have questions about any aspect of this book, email us at customercare@packtpub.com and mention the book title in the subject of your message.

    Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

    Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.

    If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

    Legal disclaimer

    This document was created using the official VMware icon and diagram library.

    Copyright© 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at https://www.vmware.com/go/patents. VMware does not endorse or make any representations about third-party information included in this document, nor does the inclusion of any VMware icon or diagram in this document imply such an endorsement.

    All copyrights are property of their respective owners including Check Point®

    Share your thoughts

    Once you’ve read Check Point Firewall Administration R81.10+, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

    Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

    Part 1: Introduction to Check Point, Network Topology, and Firewalls in Your Infrastructure and Lab

    In this portion of the book, you will be introduced to Check Point products and, specifically, firewalls. We’ll look at them in the context of different infrastructure topologies and segments. You will create a realistic lab environment that will be used in subsequent chapters.

    The following chapters will be covered in this section:

    Chapter 1, Introduction to Check Point Firewalls and Threat Prevention Products

    Chapter 2, Common Deployment Scenarios and Network Segmentation

    Chapter 3, Building a Check Point Lab Environment – Part 1

    Chapter 4, Building a Check Point Lab Environment – Part 2

    Chapter 1: Introduction to Check Point Firewalls and Threat Prevention Products

    In this chapter, we will learn about the past and the present of Check Point Software Technologies in the context of evolving cybersecurity challenges. We will become familiar with the three main product lines, their components, and their relevance to the threat prevention capabilities of Check Point firewalls. We will examine the flexibility and advantages of security management architecture, address the learning process, and go through the user and account creation process in preparation for the following chapters.

    In this chapter, we are going to cover the following main topics:

    Learning about Check Point's history and the current state of the technology

    Understanding the Check Point product lineup and coverage

    Introducing the Unified Management concepts and the advantages of security product consolidation

    Familiarization with the Security Management Architecture (SMART)

    Determining how we learn

    Navigating the Check Point User Center

    Technical requirements

    For this chapter, we will need a web browser for access to the Check Point User Center and a smartphone running either iOS or Android with an authenticator application of your choice that supports time-based one-time passwords (TOTP), such as Google Authenticator or Microsoft Authenticator, to enable second-factor authentication for access to the User Center.

    Learning about Check Point's history and the current state of the technology

    To get a sense of the product and the company behind it, it is good to have perspective. When were they founded? How long have they been in business? How consistent is their performance over time? What areas of cybersecurity is the company working in and how well are they rated? To find the answers to these questions, let's look at the past and the present of Check Point Software Technologies.

    In the beginning, there was FireWall-1

    In 1994, FireWall-1, released by Check Point Software Technologies, effectively launched the commercial firewall market and, according to Gartner, Check Point has been named a leader in the Network Firewalls category 21 times since.

    The company received the following mention at the Cybersecurity Excellence Awards for 2016: "All of the US Fortune 100, and over 90% of the Fortune 500, rely on Check Point solutions to protect their networks and data." ¹

    Shortly after launching FireWall-1, Check Point released VPN-1 for remote access and secure connectivity with peers and, over the years, continued to introduce additional components, enhancements, and new products. Since then, the cybersecurity arena has become saturated with many entrants bringing new products to the market. Throughout all of this time, Check Point's expanding product line, and especially their evolving management interface, has been recognized as the gold standard against which all competitors are measured.

    Check Point firewalls were originally created to run on multiple operating systems and hardware, hence the name of the company, Check Point Software Technologies.

    This is an important distinction when compared with the offerings provided by other vendors that were creating their solutions based on specialized ASICs (Application-Specific Integrated Circuits). When cloud computing ushered in a new era in information technology, Check Point was able to immediately offer the same degree of protection to cloud-based environments as was previously available to traditional infrastructures. Since Check Point enterprise firewalls were running on x86/x64 platforms, they did not require porting or emulation to do that.

    Check Point today

    Check Point's products are now deployed in 88 countries and more than 100,000 businesses. It has offices in 75 countries, over 3,500 security experts, and a world-acclaimed research and intelligence organization². Its firewall and threat prevention product line has offerings that cover the entire spectrum of clients, from small offices to enterprises, carrier networks, government agencies, and industrial control systems. They are available in the largest number of cloud services, including Amazon AWS, Microsoft Azure, Oracle Cloud, Google Cloud services, Alibaba Cloud, and IBM Cloud.

    Check Point Software Technologies was recognized as a Microsoft Security 20/20 Partner Award Winner for Most Prolific Integration Partner in 2020, and for Most Transformative Integration Partner in 2021³.

    By protecting networks, hosts, data, workloads on hypervisors, containers, and microservices from advanced threats while using a unified management architecture, Check Point remains at the forefront of cybersecurity. It has grown both organically and through judicious acquisitions and integration of complementary products over the years, and is now the largest publicly traded cybersecurity company in Israel, a nation known worldwide for its remarkably strong information security and intelligence capabilities.

    With an unparalleled commitment to product evolution and quality, its ever-growing list of partners, dedicated support for automation, and orchestration for organizations adopting DevSecOps practices, it is the best choice for anyone looking to embark on their journey of becoming a member of the cyber defense elite.

    Now that we've learned a little about the company's history, let's take a look at Check Point's product line.

    Understanding the Check Point product lineup and coverage

    The scope of Check Point offerings can be better understood by looking at the following chart, which depicts the three main branches of products:

    Figure 1.1 – Check Point unified security architecture components

    The Quantum branch is primarily concerned with hardware appliances, but it does include Check Point's own cloud-hosted scalable management solution (Quantum Smart-1 Cloud).

    The small business appliances in the Quantum branch run an embedded version of Check Point's firewall. They are different from the rest of the lineup in that category, but they, too, can be managed from the same centralized management solutions as the rest.

    The CloudGuard branch, while primarily concerned with cloud-based solutions, includes those for the on-premises virtualization environments, such as VMware vSphere, Microsoft Hyper-V, and Nutanix. Additionally, the management servers deployed in the cloud as VMs are also considered to be part of the CloudGuard product line.

    The Harmony branch contains solutions necessary to safeguard endpoints inside, as well as outside, of your organization (including BYOD and mobile devices) and to provide your users with multiple choices for secure remote connectivity.

    Now that we have learned about the scope of Check Point products, let's take a look at the benefits of having a single vendor solution protecting your infrastructure and data.

    Introducing the Unified Management concepts and the advantages of security product consolidation

    Historically, security-conscious enterprises were practicing defense-in-depth by layering and combining multiple solutions in the hope of preventing systems and network compromise. While this approach was viable 10 years ago, it is getting progressively more difficult to maintain it.

    Let's look at the evolution of the threats over time to get a better idea of why this is so by using the following diagram:

    Figure 1.2 – Attack generations and types, escalation, and the response over time

    In addition to the growing complexity and sophistication of the attacks, the number of bad actors, as well as the number of distinct attacks, is increasing exponentially. The field of offensive cybersecurity is attracting an ever-increasing number of people, not all of them ethical hackers. This contributes to the snowballing effect and the number of compromised systems, networks, and companies. The latest batch of attacks focusing on the supply chain is yet another manifestation of this trend.

    The sheer number of cybersecurity vendors and point solutions, each trying to address different problem areas, makes it a virtual impossibility for smaller teams to manage them effectively. It takes years to gain proficiency with a single product, let alone multiple ones. Add to this the rapid development cycles of each vendor trying to keep up with evolving capabilities of cybercriminals and offerings by competition, and you will have to spend most of your time learning about new features and changes in all of these products, while at the same time fighting compatibility issues.

    For a while, the combination of Security Information and Event Management (SIEM) solutions as hubs for the consolidation of logs, their correlation, and Security Orchestration Automation and Response (SOAR) actions based on pre-defined conditions looked like a possible solution to this problem. However, these options failed to address the multi-vendor cost of human capital, further complicating the operations of smaller security teams. They are now primarily relegated to larger enterprises, carrier networks, and Managed Security Services Providers (MSSPs) that can afford to
