Check Point VPN-1

VPN-1 is a firewall and VPN product developed by Check Point Software Technologies Ltd.

VPN-1 is a stateful firewall which also filters traffic by inspecting the application layer. It was the first commercially available software firewall to use stateful inspection. Later (1997), Check Point registered U.S. Patent # 5,606,668 on their security technology that, among other features, included stateful inspection.[1] VPN-1 functionality is currently bundled within all the Check Point's perimeter security products. The product, previously known as FireWall-1, is now sold as an integrated firewall and VPN solution.


The VPN-1 software is installed on a separate operating system, which provides the protocol stack, file system, process scheduling and other features needed by the product. This is different from most other commercial firewall products like Cisco PIX and Juniper firewalls where the firewall software is part of a proprietary operating system.

Although traditionally sold as software only, VPN-1 is also sold in appliance form as Check Point's UTM-1 (starting 2006) and Power-1 appliances. These appliances run the SecurePlatform operating system.

As of version R70, VPN-1 supports the following operating systems:

Previous versions of Check Point firewall supported other operating systems including Solaris, HP-UX and AIX. See the table in the Version History section below for details.

VPN-1 running on the Nokia platform on IPSO is often called a Nokia Firewall as if it were a different product, but in fact it runs the same VPN-1 software as other platforms.

Upon completing the acquisition of Nokia Security Appliance Business in 2009, Checkpoint started the project named Gaia aimed at merging two different operating systems—SecurePlatform and IPSO—into one. This new OS is positioned to finally replace both existing operating systems at some point in the future.[2] On April 17, 2012 Check Point announced the general availability of the Gaia operating system as part of the R75.40 release.


While started as pure firewall and vpn only product, later more features were added. And while they are licensed separately, they have since began to be bundled in default installations of the VPN-1 as well.

SmartDefense (IPS) This feature adds to the built-in stateful inspection and inherent TCP/IP protocols checks and normalization inspection of most common application protocols. Starting NGX R70 this feature has been rebranded as IPS.
Quality of service (Floodgate-1) Checkpoint implementation of the Quality of service (QOS). It supports bandwidth guaranteeing or limiting per QOS rule or per connection. Also the priority queuing can be done (LLQ). Nevertheless, RFC based QOS implementation, be it Differentiated services or Ip precedence, are not supported
Content Inspection Starting with NGX R65 this new feature has been introduced providing 2 services:

  • Antivirus scanning - scanning of the passing traffic for viruses
  • Web filtering - limiting access of internal to the firewall hosts to the Web resources using explicit URL specification or category rating.

See also


  1. ^ "Check point software technologies Ltd. awarded patent for stateful inspection technology" (Press release). Check Point Software Technologies Ltd. 1997-03-17. Archived from the original on 2008-07-04. Retrieved 2009-04-01.
  2. ^ Gaia project

External links

Check Point GO

Check Point GO is a USB drive that combines an encrypted USB flash drive with virtualization, VPN and computer security technologies to turn a PC into a secure corporate desktop. By plugging Check Point GO into the USB port of a Microsoft Windows OS-based PC or laptop, users can launch a secure virtual workspace that is segregated from the host PC. This allows users to securely access company files and applications from any remote location, including insecure host environments such as a hotel business center or Internet café.Check Point GO uses hardware and software encryption to protect user credentials, documents, and other sensitive data, so that data cannot be compromised in transit or in the event the device is lost. The system uses an authentication process that enforces minimum levels of password strength, as well as certificates and security tokens for multifactor authentication for remote connectivity. The device interfaces with software on a corporate server to support company policies and security updates through security gateways.

List of SIP software

This list of SIP software documents notable software applications which use Session Initiation Protocol (SIP) as a voice over IP (VoIP) protocol.

List of TCP and UDP port numbers

This is a list of TCP and UDP port numbers used by protocols of the application layer of the Internet protocol suite for the establishment of host-to-host connectivity.

The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) needed only one port for full-duplex, bidirectional traffic. The Stream Control Transmission Protocol (SCTP) and the Datagram Congestion Control Protocol (DCCP) also use port numbers. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist.

The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses. However, many unofficial uses of both well-known and registered port numbers occur in practice. Similarly many of the official assignments refer to protocols that were never or are no longer in common use. This article lists port numbers and their associated protocols that have experienced significant uptake.

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.