FireWall-1 / VPN-1

FireWall-1 / VPN-1 is a commercial firewall software from the Israeli software manufacturer Check Point . It is an SPI firewall. SPI Technology has the advantage that, for example, with a single firewall rule, both the outgoing traffic of a connection and the response packets from the target system that belong to this connection are automatically allowed. SPI evaluates the TCP flags set in the packets and, for example, only allows packets with "SYN + ACK" TCP flags to pass if packets with the "SYN" flag (connection establishment, 3-way handshake) were previously sent by the Firewall were seen. Almost all firewalls now work according to the "SPI" principle. With newer versions, the data streams running through the firewall are optionally also checked at the application level, for example to identify known attack patterns and, if necessary, to block them (intrusion prevention), which goes far beyond the original functionality of a firewall (packet filter).

The Checkpoint Firewall solution is often used in the professional environment due to the following most important criteria:

• High data throughput
• High fundamental stability and reliability
• Very clear presentation of the firewall rules
• Extremely granular manipulation of the handling of protocol-specific packets
• Detailed and clear logging of all connections including revisions
• Central management of several firewalls via a central "Smart Center Server"
• Diverse options for the hardware selection on which the Check Point software is operated

FireWall-1 was the first commercial solution based on SPI technology in the mid-1990s. Until 2002, the software , which had meanwhile been supplemented with VPN functionality and renamed Firewall-1 / VPN-1, was the market leader in the professional firewall environment. Depending on the economic perspective, it still is today.

Operating systems

The FireWall-1 / VPN-1 software can be installed under different operating systems. This distinguishes the product from its biggest competitors in the professional environment, Cisco ASA and Juniper Netscreen .

In the versions NGX R61 – R65, FireWall-1 / VPN-1 supports the following operating systems:

• Solaris version 8, 9, 10
• Windows 2000/2003 Server
• Red Hat Enterprise Linux version 3.0
• Check Point GAiA is a specially hardened Red Hat Linux, SPLAT
• Nokia IPSO

Versions

The scheme of the version and revision number and thus also the product name has been changed several times in the past:

• Firewall-1: Version 1.0 (April 1994) to Version 4.1 (2000)
• Firewall-1 / VPN-1 Next Generation: NG (June 2001) via NG FP1 (November 2001) up to NG FP3 (August 2002)
• Firewall-1 / VPN-1 Next Generation with Application Intelligence:
  • NG AI R54 (June 2003)
  • NG AI R55 (November 2003)
  • NGX R60 (August 2005)
  • NGX R61 (March 2006)
  • NGX R62 (November 2006)
  • NGX R65 (March 2007)
  • NGX R70 (March 2009)
  • NGX R71 (April 2010)
  • NGX R75 (December 2010)

Web links

• Firewall-1