User Manual Part 1
Table Of Contents
- Check Point Safe@Office User Guide 8.0
- Copyright & Trademarks
- Contents
- About This Guide
- Introduction
- About Your Check Point Safe@Office Appliance
- Safe@Office 500 Product Family
- Product Features
- Wireless Features
- Optional Security Services
- Software Requirements
- Getting to Know Your Safe@Office 500 Appliance
- Getting to Know Your Safe@Office 500W Appliance
- Getting to Know Your Safe@Office 500 ADSL Appliance
- Getting to Know Your Safe@Office 500W ADSL Appliance
- Contacting Technical Support
- Safe@Office Security
- Installing and Setting Up Safe@Office
- Getting Started
- Configuring the Internet Connection
- Managing Your Network
- Using Bridges
- Configuring High Availability
- Using Traffic Shaper
- Working with Wireless Networks
- Viewing Reports
- Viewing Logs
- Setting Your Security Policy
The Safe@Office Firewall
38 Check Point Safe@Office User Guide
Old Firewall Technologies
Older firewall technologies, such as packet filtering and application-layer gateways, are
still in use in some environments. It is important to familiarize yourself with these
technologies, so as to better understand the benefits and advantages of the Check Point
Stateful Inspection firewall technology.
Packet Filters
Historically implemented on routers, packet filters filter user-defined content, such as IP
addresses. They examine a packet at the network or transport layer and are application-
independent, which allows them to deliver good performance and scalability.
Packet filters are the least secure type of firewall, as they are not application-aware,
meaning that they cannot understand the context of a given communication. This makes
them relatively easy targets for unauthorized entry to a network. A limitation of this type
of filtering is its inability to provide security for basic protocols.
Packet filters have the following advantages and disadvantages:
Table 11: Packet Filter Advantages and Disadvantages
Advantages Disadvantages
Application independence Low security
High performance No screening above the network layer
Scalability
Application-Layer Gateways
Application-layer gateways improve security by examining all application layers, bringing
context information into the decision-making process. However, the method they use to do
this disrupts the client/server model, reducing scalability. Ordinarily, a client sends
requests for information or action according to a specific protocol, and the server responds,
all in one connection. With application-layer gateways, each client/server communications
requires two connections: one from a client to a proxy, and one from a proxy to a server. In
addition, each proxy requires a different process (or daemon), making support for new
applications a problem.