UTM-1 Edge
The security you need. The simplicity you want.
YOUR CHALLENGE
Constantly changing threats and new security challenges make it increasingly
difficult to keep your network safe. New security products, organizational security
policies, and regulatory compliance requirements, have dramatically raised the
complexity and, more important, the cost of securing your network and users.
This is especially challenging when trying to establish secure and reliable communication with your organization’s remote offices such as retail outlets, branch and
satellite offices, and broadband teleworkers.
OUR SOLUTION
UTM-1™ Edge appliances deliver proven, tightly integrated security features to
ensure remote sites remain as secure as larger corporate sites. UTM-1 Edge
includes a complete set of security features including firewall, intrusion prevention, antivirus, as well as secure site-to-site and remote access connectivity. For
large scale deployments, UTM-1 Edge seamlessly integrates with Check Point’s
SMART management solutions to greatly simplify security management.
THE SECURITY YOU NEED
Proven network protection and control
Based on the same Check Point technologies that secure the Fortune 100,
UTM-1 Edge appliances include the industry’s most proven firewall, supporting
hundreds of applications, protocols, and services out-of-the-box. Broad application and protocol support provides comprehensive access control across the
network, including the ability to block non-business related applications such
as Instant Messaging (IM) and Peer-to-Peer (P2P) applications. UTM-1 Edge
appliances also include Check Point’s SmartDefense intrusion prevention technology to ensure remote sites are protected from known and unknown attacks.
Network Security
Check Point network security
solutions are the marketleading choice for securing the
network infrastructure.
PRODUCT DESCRIPTION
Based on proven Check Point security
technologies, UTM-1 Edge appliances
combine firewall, intrusion prevention,
antivirus, as well as secure site-to-site
and remote access connectivity, to
ensure remote sites stay just as secure
as larger corporate sites.
PRODUCT FEATURES
n
Industry’s most proven firewall
n
Robust IPSec VPN for secure site-to-
site connectivity and remote access
n
Integrated intrusion prevention
n
Streaming gateway antivirus
n
Wireless LAN support and optional
integrated high-speed ASDL modem
n
SMART management compatible for
centralized, large-scale management
PRODUCT BENEFITS
n
Ensures remote sites remain as
secure as larger corporate sites
n
Provides peace of mind with proven
security technologies trusted by the
Fortune 100
n
Streamlines security deployment and
administration
n
Simplifies WLAN deployment and
management
Streaming Gateway Antivirus
UTM-1 Edge appliances come equipped with integrated gateway antivirus to
provide an extra layer of protection by blocking worms and viruses before they
can enter the network. This provides the ability to scan email (POP3, IMAP,
and SMTP), FTP, and Web (HTTP) traffic, along with other protocols for possible
threats. There is no limitation on the file size being scanned and it supports
on-the-fly file decompression.
The NGX platform delivers a unified
security architecture for Check Point.
UTM-1 Edge
puresecurity
™
Retail Site
Branch Offices
Branch
Office 2
PDA
UTM-1 Edge W
UTM-1 Edge W
Backup
Branch
Office 1
VLAN 2
VLAN 3
VLAN 1
Branch
Office 3
Internet
Partner Site
Corporate
Headquarters
Retail Inventory
Database
Employee
Database
Financials
Database
SMART
Check Point
Centralized Management
VPN-1
SecuRemote
®
Primary
ISP
Backup
ISP
Teleworker
or Traveling
Employee
Connected to
Branch Office
Simple site-to-site connectivity
UTM-1 Edge ensures communications privacy, with IPSec
VPN functionality that offers strong encryption and authentication. With corporations turning to VPNs to link remote offices
for information access or VoIP, UTM-1 Edge appliances can
be easily added to existing VPN communities. For large organizations with complex networks, OSPF dynamic routing is
supported. Route-based VPNs make encryption decisions
based on routing tables, providing the flexibility needed in
ever-changing networks.
Secure, flexible remote access
UTM-1 Edge appliances provide an ideal way for employees
and business partners to connect to the trusted network, by
providing IPSec VPN connectivity with suport for various VPN
clients, including Check Point’s SecuRemote SecureClient,
as well as L2TP VPN clients.
Network Access Control
Support for 802.1x port-based authentication. Enables
organizations to control network access at branch offices
based on endpoint security policy compliance and user
access privileges.
THE SIMPLICITY YOU WANT
Quick Setup
UTM-1 Edge appliances can be set up in less than 10 minutes,
offering truly simple deployment to sites that have minimal
IT resources. Even non-technical staff can easily perform initial
setup and configuration.
SMART Management Compatible
UTM-1 Edge appliances are fully compatible with Check
Point’s industry-leading SMART management solutions
(SmartCenter, SmartLSM, Provider-1). SmartDashboard™,
the central console for managing Check Point security
solutions, allows you to centrally define a security policy for
your entire network, including internal security, main sites,
and remote sites. This unified security architecture reduces
the complexity of security audits by providing a single place
for all security information. With centralized profile-based
management, SmartLSM™ enables you to define a single
security profile and apply it simultaneously to thousands of
UTM-1 Edge appliances. Provider-1 addresses the requirements of organizations that must manage multiple policies
within their environments—such as large global enterprises
or service providers. For enterprise network operations centers, it can simplify a complex security policy by segmenting it
into manageable subpolicies for functional, geographic or
other groupings. For service providers, it consolidates and
centralizes management for thousands of customers.
Centralized, automatic Updates
To maintain a preemptive security environment and ensure
networks stay safe from new attacks, optional SmartDefense
Services provide ongoing and automatic updates to defenses,
policies, and other security elements. Updates can be downloaded automatically and distributed to remote locations at
preset intervals.
puresecurity
™
The security you need. The simplicity you want.
Integrated ADSL modem
UTM-1 Edge appliances are also available with integrated,
high-speed ADSL modems, which eliminate the need for
external ADSL modems and provide administrators with
simple deployment options. It supports the latest ADSL standards, including ADSL v2/2+, and is available with Annex A
and Annex B standards.
Superior wireless connectivity
UTM-1 Edge W appliances integrate a WiFi access-point
(802.11b/g) supporting multiple security protocols, including
802.1x, IPSec over WLAN, RADIUS, WEP, WPA and WPA2
authentication. They also have dedicated WLAN interfaces
from which you can set specific security rules for WLAN segments. This protects wireless interfaces by granting access
only to authorized users, thereby preventing hackers from
attacking corporate applications or resources. In addition, the
wireless interface can be segmented into as many as four virtual access points, each with separate security policies and
encryption methods.
Hot spot support
UTM-1 Edge appliances can be used to create guest access
networks by setting up hot-spot networks. Administrators
can easily require Web-based user authentication or termsof-use approval prior to providing network access. This
enables convenient, yet controlled access for guest users,
without compromising corporate resources.
Wireless roaming
The Wireless Distribution System (WDS) links, available from
UTM-1 Edge W appliances, allow wireless clients to seamlessly connect to other UTM-1 Edge wireless devices and
standards based access points, without changing the client
IP address. The access points can be interconnected by
WDS links or by traditional wired Ethernet connections. WDS
links can also be used to create loop-free topologies (such as
stars or trees of access points), and redundant topologies
(such as loops or meshes of linked access points), with
bridge mode and Spanning Tree Protocol.
PERFORMANCE AND AVAILABILITY
UTM-1 Edge appliances include key high-availability and
Quality of Service features, ensuring that your security keeps
pace with network- and business-critical applications.
UTM-1 Edge appliances support WAN redundancy and
load-balancing to ensure persistent connectivity and service
availability. Dialup backup is also supported, providing either
a primary or a secondary Internet connection if the primary
broadband connection is not available. UTM-1 Edge appliances also provide complete support for PSTN and ISDN, as
well as a wide variety of 3G cellular modems. Out-of-bound
dial-in is also supported, to ensure access to the appliance
even in case the Internet connection fails. Automatic failover
is supported across multiple appliances (high-availability), to
guarantee around-the-clock availability.
Integrated Quality of Service
Network QoS is important where business-critical traffic, such
as VoIP or VPN traffic, is competing with noncritical traffic over
a single internet connection. UTM-1 Edge appliances include
a comprehensive traffic management system that offers
weighted priorities, bandwidth guarantees, and bandwidth
limits. These allocate connectivity resources as predefined by
business priorities and goals. Additionally, UTM-1 Edge W
appliances are the only remote office solutions that support
Wireless Multimedia QoS, which prioritizes multiple types of
traffic flow from different applications— such as audio, video,
and voice—under various environmental and traffic conditions.
UTM-1 EDGE APPLIANCE SPECIFICATIONS
Users 8 16 32 Unlimited
Firewall Throughput 190 Mbps
VPN Throughput 35 Mbps
Concurrent Sessions 8000
10/100 Interfaces 4
Serial Port
USB Port
Firewall & Security Features
Firewall Check Point Stateful Inspection with Application Intelligence
SmartDefense IDS/IPS
Instant Messenger Blocking/Monitoring
P2P File Sharing Blocking/Monitoring
Port-based Security (802.1x Network Access Control)
Port-based and Tag-based VLANs
Gateway Antivirus HTTP, FTP, NBT, POP3, IMAP, SMTP, User-defined TCP and UDP Ports
VPN
Remote access users 1 10 15 25
Remote Access Client Software Check Point VPN-1® SecuRemote™ (included) / L2TP IPSEC VPN Client
VPN Tunnels 100
Remote Access VPN Client
Remote Access VPN Server IPSec and L2TP
OfficeMode
IPSEC Features
Route-Based VPN
Authentication Methods Digital Certificates or Pre-Shared Secret
Clientless Remote Desktop
L2TP VPN Server
puresecurity
™
X8/W8 X16/W16 X32/W32 XU/WU
4
4*
4
4
4
4
4
4
4
Hardware accelerated DES, 3DES, AES, MD5, SHA-1, Hardware Random Number Generator (RNG), Internet
Key Exchange (IKE), Perfect Forward Secrecy (PFS), IPSEC Compression, IPSEC NAT Traversal (NAT-T)
4
4
4
Networking
WAN access protocols
ADSL Supported Standards**
Network Address Translation
DHCP Server, Client and Relay
ADSL models: Static IP, DHCP, PPPoE, PPTP, Telstra, PPPoA, EoA, IPoA
ADSL2, ADSL2+, T.1413 G.DMT (G.992.1) G.Lite (G.992.2).
Available in models: ANNEX A (ADSL over POTS), ANNEX B (ADSL over ISDN)
Static IP, DHCP, PPPoE, PPTP, Telstra
4
4
DHCP Leases 200
Dead Internet Connection Detection (DCD)
Policy Based Routing
Dynamic Routing
Transparent Bridge Mode
Backup VPN Gateways (MEP)
Backup ISP/WAN Load Balancing
4
4
4
4
4
4
Dialup Backup (Requires External Modem) Yes: With External USB*/Serial Modem
Physical Specifications
Dimensions (HxWxD) 20.32 x 3.05 x 12.19 cm (8’ x 1.2’ x 4.8’)
Weight 0.7 kg (1.56 lbs)
Operating Environmental Range
Temperature
Operational: 0ºC - 40ºC
Storage/Transport: -5ºC - 80ºC
Humidity 10% - 90% (non-condensed)
Power 100-240 VAC, 50-60 Hz (Depending on Country)
MTBF 68,000 Hours
Regulatory compliance FCC Part 15 Class B, CE
Warranty 1 year
Wireless LAN (UTM-1 Edge W)
Wireless protocols IEEE 802.11b, 802.11g, Super G***
Wireless Security 802.1x, IPSec over Wireless, MAC address filtering, WEP, WPA, WPA2, WPA-PSK
Wireless range (Standard Mode) Up to 100 meters indoors/Up to 300 meters outdoors****
Wireless Range (Extended Range mode***) Up to 300 meters indoors/ Up to 1 kilometer outdoors****
Wireless Distribution System (WDS)
Multiple Access Points
Dual Diversity Antennas
Wireless Multimedia QoS (WMM)
Hot spot mode
4
4
4
4
4
** Available in the following models: UTM-1 Edge X ADSL, UTM-1 Edge W, UTM-1 Edge W ADSL
**Applies for the ADSL models only: UTM-1 Edge X ADSL, UTM-1 Edge W ADSL
***Super G and XR modes require Super G- and XR-enabled wireless network adapters.
****Environmental factors may lower actual range.
Worldwide Headquarters
CONTACT CHECK POINT
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-575-9256 | Email: info@checkpoint.com
U.S. Headquarters
800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
©2003–2007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point Express CI, the Check Point logo,
ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding
Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT,
INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile,
Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro,
SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM,
SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter,
SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, VPN-1,
VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM,
VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the
Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product
names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611,
6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications.
November 2, 2007 P/N 502624
Loading...