User Manual Part 1
Table Of Contents
- Check Point Safe@Office User Guide 8.0
- Copyright & Trademarks
- Contents
- About This Guide
- Introduction
- About Your Check Point Safe@Office Appliance
- Safe@Office 500 Product Family
- Product Features
- Wireless Features
- Optional Security Services
- Software Requirements
- Getting to Know Your Safe@Office 500 Appliance
- Getting to Know Your Safe@Office 500W Appliance
- Getting to Know Your Safe@Office 500 ADSL Appliance
- Getting to Know Your Safe@Office 500W ADSL Appliance
- Contacting Technical Support
- Safe@Office Security
- Installing and Setting Up Safe@Office
- Getting Started
- Configuring the Internet Connection
- Managing Your Network
- Using Bridges
- Configuring High Availability
- Using Traffic Shaper
- Working with Wireless Networks
- Viewing Reports
- Viewing Logs
- Setting Your Security Policy
The Safe@Office Firewall
Chapter 2: Safe@Office Security 39
Application-layer gateways have the following advantages and disadvantages:
Table 12: Application-Layer Gateway Advantages and Disadvantages
Advantages Disadvantages
Good security Poor performance
Full application-layer awareness Limited application support
Poor scalability (breaks the client/server model)
Check Point Stateful Inspection Technology
Invented by Check Point, Stateful Inspection is the industry standard for network security
solutions. A powerful inspection module examines every packet, ensuring that packets do
not enter a network unless they comply with the network's security policy.
Stateful Inspection technology implements all necessary firewall capabilities between the
data and network layers. Packets are intercepted at the network layer for best performance
(as in packet filters), but the data derived from layers 3-7 is accessed and analyzed for
improved security (compared to layers 4-7 in application-layer gateways). Stateful
Inspection incorporates communication and application-derived state and context
information, which is stored and updated dynamically. This provides cumulative data
against which subsequent communication attempts can be evaluated. Stateful Inspection
also delivers the ability to create virtual-session information for tracking connectionless
protocols, such as UDP-based and RPC applications.
Safe@Office appliances use Stateful Inspection technology to analyze all packet
communication layers and extract the relevant communication and application state
information. The Safe@Office appliance is installed at the entry point to your network, and
serves as the gateway for the internal network computers. In this ideal location, the
inspection module can inspect all traffic before it reaches the network.