Check Point Software Technologies CPSB-500G-U-AD-A User manual

Category
Hardware firewalls
Type
User manual
YOUR CHALLENGE
In today’s business environment, maintaining customer confidence and
protecting your business means securing your broadband connection and
network. Taking steps to safeguard critical data is vital to your success and
often mandated by industry-specific regulations.
Internet threats, such as viruses, worms, hackers and zero-hour attacks, require
a host of different solutions that are difficult to integrate and costly to manage.
You need a solution designed to meet the complex needs of today’s small
business.
OUR SOLUTION
Designed specifically to meet the needs of small businesses, Check Point
Safe@Office
®
500 Unified Threat Management appliances deliver proven
Internet security by incorporating the same patented technology used by 98%
of the Fortune 500. A single Safe@Office appliance can protect a network of up
to 100 users from a multitude of Internet threats, creating a solid line of defense
against hacking attempts, denial of service attacks, phishing and viruses.
Also available with an integrated secure wireless access point and with an
advanced ADSL/ADSL2+ modem, Safe@Office meets small businesses’ needs
for connectivity and network security.
UNMATCHED PROTECTION
Safe@Office appliances integrate Check Point’s industry leading INSPECT
Stateful Inspection firewall technology and SmartDefense Intrusion Prevention,
capable of examining hundreds of predefined applications, protocols and
services. Check Point Application Intelligence™ technology blocks denial of
service (DoS) attacks, detects protocol anomalies and limits an application’s
ability to spread malicious data, and controls application-layer operations.
These mechanisms aid proper usage of applications such as instant messaging,
peer-to-peer (P2P) file sharing and File Transfer Protocol (FTP), allowing you
to block questionable traffic and ensuring your bandwidth is used in the most
efficient and secure manner.
Safe@Office 500
for Small Businesses
Keep your network safe with
proven Internet security
The NGX platform delivers a unified
security architecture for Check Point
perimeter, internal, and Web security.
Network Security
Check Point network security
solutions are the market-
leading choice for securing the
network infrastructure.
PRODUCT DESCRIPTION
Safe@Office UTM appliances deliver proven,
integrated security and networking features
right out-of-the-box. Safe@Office offers a
simple, affordable and reliable solution to
keep small business networks protected
anytime, anywhere.
PRODUCT FEATURES
Industry’s most proven and trusted
Firewall
Robust IPSec VPN (site-to-site and
remote access)
Intrusion Prevention, Antivirus and
Web Filtering capabilities
Easy-to-use, wizard-based
management with preset security
rules and automatic updates
Integrated, high-performance
networking capabilities
Wireless LAN, ADSL2+ modem and
support for 3G cellular connectivity
PRODUCT BENEFITS
Delivers an affordable, easy-to-use,
all-in-one security solution
for small businesses
Provides small businesses with
the same proven security technologies
trusted by 98% of the Fortune 500
Addresses industry specific network-
security regulations
Maximizes employee productivity
through secure Wireless LAN,
web-filtering and VPN connectivity
Streamlines ongoing security
policy administration
Ensures around-the-clock business
continuity
Safe@Office 500
You can define port-based and tag-based VLANs, allowing
you to set-up multiple isolated network zones. For added
security, you can enable 802.1x port-based security, requiring
both LAN and WLAN users to securely sign-on before gaining
physical access to the network. Unauthenticated users can
be automatically moved to a “quarantine” area, providing a
restricted “guest user” access level.
Gateway Antivirus
Stop viruses before they reach your network
Stateful inspection antivirus blocks viruses before they enter
the network, providing preemptive protection. The antivirus
policy setup provides a simple and quick way to define
precisely which type of traffic should be scanned. By using
the gateway streaming antivirus in parallel with desktop
antivirus solutions, you can protect against zero-hour virus
outbreaks, providing an additional security layer against new
viruses in the wild.
Web-Filtering
Inappropriate Web surfing can introduce security threats,
increase legal liability and decrease employee productivity.
Safe@Office appliances integrate best-of-breed Web
filtering using an extensive database of threat categories and
associated URLs. You can define an acceptable web-access
policy for your organization and protect it from threats such as
spyware and viruses, as well as new risks from inappropriate
web content. Additionally, you can define custom web-rules
to block or allow access to specific websites and URLs.
ACCESS YOUR OFFICE NETWORK–ANYTIME, ANYPLACE
Safe@Office integrates VPN and remote desktop capabilities,
allowing secure remote access to your network, so you can
increase productivity and ensure business continuity without
compromising your IT resources.
Safe@Office appliances authenticate remote user identities
to ensure that only authorized users have network
access, encrypting communications to ensure complete
confidentiality. Teleworkers and road-warriors can use the
bundled VPN-1
®
SecuRemote™ VPN client or L2TP IPSec
VPN client on their laptops or PDAs to securely access email
and other resources. In addition, with the Remote Desktop
capability you can remotely control computers in your
network directly from your web browser. Safe@Office site-to-
site VPN ensures your business offices can be interconnected
with permanent, highly secure tunnels.
Wi-Fi Networking
Safe@Office 500W integrates a wireless LAN access point
supporting the Super-G standard, enabling wireless network
speeds of up to 108 Mbps. It is backward compatible with
802.11b and 802.11g technologies. With Extended Range
(XR) enabled clients, you achieve up to three times the range
of a standard access point.
Wireless Security and Hot-Spots
With Safe@Office appliances you can segment your wireless
network into multiple virtual access points, each with
a different security policy and encryption settings.
The appliance authenticates remote user identities using a
Typical deployment of Safe@Office UTM appliances for small businesses providing distributed secure connectivity to home offices,
remote offices and teleworkers.
Safe@Office 500
puresecurity
variety of authentication standards including the latest WPA2.
Safe@Office also supports IPSec VPN technology to encrypt
wireless communication, preventing data from being viewed
or corrupted during transmission. In addition, you can easily
set up wireless hot-spots for your guests and control access
with a customizable Web-based access portal and user
authentication.
Wireless Roaming
By using the Wireless Distribution System (WDS) capability,
you can extend your network even further by interconnecting
two or more Safe@Office appliances. This allows wireless
clients (e.g. laptops, PDAs) to connect seamlessly to your
wireless network, without the need to change your IP
address.
Secure Integrated Connectivity
Safe@Office 500/500W ADSL appliances have an integrated
ADSL2/2+ modem. Supporting download speeds of up to
24Mbps, these appliances provide a complete connectivity
and security solution for small businesses, eliminating the
need for an external ADSL modem.
AROUND THE CLOCK BUSINESS CONTINUITY
Keeping your network up and running 24x7 is critical.
Safe@Office appliances include high-availability, connectivity
redundancy and Quality of Service (QoS) features in-order
to minimize down-time. Safe@Office appliances allow
WAN redundancy and load balancing to ensure persistent
connectivity and service availability. Out-of-bound dial-in is
also supported, allowing access to the appliance even if the
Internet connection fails.
Automatic failover across multiple appliances (high-availability)
guarantees around-the-clock availability. A wide variety of 3G
cellular modems, dialup backup, PSTN and ISDN modems
are also supported, to be used as either the primary or
secondary Internet connection.
QUICK SETUP AND MANAGEMENT
The Safe@Office appliance’s simple Web-based
management interface enables you to secure your business
in minutes. You can use the setup wizard to select one of
three preset firewall policies (high, medium or low), or create
your own custom security policy. Security rules are as flexible
as your business needs dictate and can be modified at any
time through a variety of remote management options.
Intuitive Security and Network Monitoring
The Safe@Office appliance logs information on attempted
attacks and displays it in an easy-to-follow, color-coded
report. This enables you to see the IP address from which an
THE TECHNOLOGY INSIDE
Safe@Office is based on Embedded NGX™ with Application Intelligence technology, which incorporates
Check Point’s market-leading Firewall-1
®
and VPN-1
®
software, optimized for embedded platforms.
Embedded NGX™ is developed by SofaWare Technologies, a Check Point company.
Extensive Networking and Traffic Management Capabilities
More than just a security appliance, Safe@Office is a full-
fledged network router that includes a four port LAN switch,
a dedicated DMZ and a WAN port (Ethernet or ADSL). Static
and dynamic routing options are available for complete
interoperability with even the most complex networks. Safe@
Office supports QoS capabilities and can act as a transparent
bridge.
Up-to-date Security – without any Hassle
For effective protection against new and evolving threats,
your network’s security must be kept up to date. Optional
subscription based services allow you to automatically
receive software and antivirus updates, along with web-
filtering services, periodic security reports (providing
in-depth information on traffic, firewall activity, antivirus
activity and more) and dynamic DNS services. Subscription
based services are provided by Check Point or by its Small-
Business MSSP Partners.
attack originated. A “Who Is” utility allows you to identify an
IP address’ owner, giving you Internet “caller ID” capability.
Safe@Office also provides built-in traffic monitoring and
packet capture tools that allow you to monitor and control
incoming and outgoing traffic to ensure efficient utilization of
your broadband connection.
Hardware Specifications
Physical Dimensions
(W x H x D)
Safe@Office 500/ Safe@Office 500
ADSL/ Safe@Office 500W ADSL: 200 x
33 x 122 mm
Safe@Office 500W: 200 x 33 x 130 mm
Temperature
-5ºC ~ 80º C (Storage/Transport),
0ºC ~ 40ºC (Operation)
Regulatory Compliance
FCC Part 15 Class B, CE
Environmental Standards
RoHS, WEEE
Warranty
One Year Hardware
ADSL Modem Specications
Supported Standards
ADSL2, ADSL2+, T.1413 G.DMT (G.992.1) G.Lite (G.992.2)
ANNEX A (ADSL over POTS), ANNEX B (ADSL over ISDN)
Wireless Specications****
Wireless Protocols
802.11b (11Mbps), 802.11g (54Mbps),
Super-G (108Mbps)
Wireless Security
VPN over Wireless, WEP, WPA2 (802.11i),
WPA-PSK, 802.1x
Wireless Range
(Standard Mode)
Up to 100 m indoors and 300 m outdoors
Wireless Range
(XR Mode)
Up to 300 m indoors and 1 km outdoors
Wireless Distribution
System (WDS)
**
Multiple Access Points **
Description SKU
Safe@Ofce Basic Support Plan – 5 Users ST-CPSB-5
Safe@Ofce Basic Support Plan – 25 Users ST-CPSB-25
Safe@Ofce Basic Support Plan – Unlimited
Users
ST-CPSB-U
Safe@Ofce Advanced Support Plan (includes Ba-
sic Support plan and annual Antivirus Denitions
Update) – 5 Users
STAV-CPSB-5
Safe@Ofce Advanced Support Plan (includes
Basic Support plan and annual Antivirus Deni-
tions Update) – 25 Users
STAV-CPSB-25
Safe@Ofce Advanced Support Plan (includes
Basic Support plan and annual Antivirus Deni-
tions Update) – Unlimited Users
STAV-CPSB-U
Safe@Ofce Web Filtering Service – 5 Users WF-CPSB-5
Safe@Ofce Web Filtering Service – 25 Users WF-CPSB-25
Safe@Ofce Web Filtering Service – Unlimited
Users
WF-CPSB-U
Upgrade 5 users to 25 users CPSB-500-UPG-5TO25
Upgrade 25 users to unlimited users CPSB-500-UPG-25TOU
Upgrade 5 users to unlimited users CPSB-500-UPG-5TOU
Safe@Ofce Power Pack
CPSB-500-UPG-PPACK
Description SKU
Safe@Ofce 500 UTM Appliance CPSB-500G-N-XXX
Safe@Ofce 500W UTM Wireless Appliance CPSB-500WG-N-YYYYY-XXX
Safe@Ofce 500 UTM ADSL Appliance CPSB-500G-N-ADSL-Z-XXX
Safe@Ofce 500W UTM Wireless ADSL
Appliance
CPSB-500WG-N-ADSL-Z-
YYYYY-XXX
- Number of users: 5/25/Unlimited (N)
- Power Supply: EU/US/FAE/UK/JPN/AUS/KOR (XXX)
- ADSL Standard: ANNEX A/B (Z)
- Wireless Zone Standard: World/FCCA/MKKA (YYYYY)
* As of Embedded NGX v7.5
** Requires Power Pack upgrade
*** Requires additional purchase of service
**** Super-G and XR mode only available with select wireless network adapters. Actual ranges are subject to change in different environments
500 500W
500
ADSL
500W
ADSL
Concurrent Users
Unlimited/5/25
Hardware Features
Firewall Throughput (Mbps)
190*
VPN Throughput (Mbps)
35*
Concurrent Firewall Connections
8,000
Four Port LAN Switch
10/100 Mbps
WAN Port
Mbps 10/100 ADSL2+
DMZ/WAN2 Port
10/100Mbps
Console Port (Serial)
Wall Mounting Kit
Firewall & Security Features
Check Point Patented Stateful
Inspection Firewall
Application Intelligence (IPS)
Instant Messenger Blocking/
Monitoring
P2P File Sharing Blocking/
Monitoring
Port-based and Tag-based VLAN **
Port-based Security (802.1x) **
Secure HotSpot (Guest Access)
**
Add On Services***
Gateway Antivirus
Antivirus Supported Protocols
,HTTP, FTP, NBT, POP3, IMAP, SMTP
User-defined TCP and UDP ports
On the y decompression
Antispam
Web Filtering
VPN
Remote Access Client Software
C
heck Point VPN-1
®
SecuRemote™
(included)/L2TP IPSec VPN client
Bundled Remote Access Client
Software
Unlimited (Check Point VPN-1 SecuRemote)
Site-to-Site VPN
Remote Access VPN
VPN Tunnels 100
Remote Access VPN Proles 5/25**
Site To Site VPN Proles 2/Unlimited**
IPSec Features
Hardware accelerated DES, 3DES, AES,
MD5, SHA-1, Hardware Random Number
Generator (RNG), Internet Key Exchange
(IKE), Perfect Forward Secrecy (PFS), IPSec
Compression, IPSec NAT Traversal (NAT-T)
L2TP VPN Server
Networking
Supported Standards
Static IP, DHCP,
PPPoE, PPTP, Telstra
Static IP, DHCP,
PPPoE, PPTP, Telstra,
EoA, PPPoA
Backup ISP
Dialup Backup
Serial Serial, USB Serial, USB Serial, USB
Trafc Shaper (QoS)
Basic/Advanced
**
Automatic Gateway Failover (HA) **
Dynamic Routing **
Print Server -
✔ ✔ ✔
Management
HTTP / HTTPS / SSH / SNMP /
SMP / SMP On-Demand
Local Diagnostic Tools
Ping, WHOIS, Packet Sniffer, VPN Tunnel Monitor,
Connection Table Monitor, Wireless Monitor, Active
Computers Display, Local Logs
©2003–2007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point Express CI, the Check Point logo,
ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding
Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT,
INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile,
Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge,
SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter
Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal,
SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector,
Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power
VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm
ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software
Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective
owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other
U.S. Patents, foreign patents, or pending applications.
November 22, 2007 P/N 502918
Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555
Fax: 972-3-575-9256 | Email: [email protected]
U.S. Headquarters
800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000
Fax: 650-654-4233 | www.checkpoint.com
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4

Check Point Software Technologies CPSB-500G-U-AD-A User manual

Category
Hardware firewalls
Type
User manual

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI