Check Point 发布了基于全新软件Blade架构的最新安全网关和管理产品R70-中文全球首发

liuxingyuan

Software Blades （软件刀片）
The Check Point Software Blade Architecture comes complete with a large selection of blades to choose from for both Security Gateway and Security Management solutions. The following software blades are available for both Security Gateway and Security Management systems.
Check Point软件刀片架构配备了完整的大量刀片选择方案，包括安全网关和安全管理解决方案。下面的软件刀片用于安全网关和安全管理系统。
Security Gateway Software Blades（安全网关软件刀片）

Firewall - World's most proven firewall secures more than 200 applications, protocols and services featuring the most adaptive and intelligent inspection technology.
防火墙——世界上最成熟的防火墙技术加固了超过200个应用，协议和服务特性，具有最具适应性的智能检测技术。
IPsec VPN - Secure connectivity for offices and en users via sophisticated but easy to manage Site-to-Site VPN and flexible remote access.
IPSec VPN—安全地连接分支机构和en用户，易于管理的站点-到-站点和灵活的远程访问。
IPS - The highest performing integrated IPS solution with the industry's best threat coverage
IPS—最高性能的集成IPS解决方案，业界最佳的威胁覆盖。
Web Security - Advanced protection for the entire Web environment featuring the strongest protection against buffer-overflow attacks.
Web安全—为整个web环境提供了先进保护功能，预防缓冲溢出攻击最强大的保护。
URL Filtering - Best-of-breed Web filtering covering more than 20 million URLs protects users and enterprises by restricting access to dangerous Web sites.
URL过滤—最佳组合的web过滤，覆盖了超过2000万网址，保护用户和企业限制访问危险的web站点。
Antivirus & Anti-Malware - Leading antivirus protection including heuristic virus analysis stops viruses, worms and other malware at the gateway
反病毒与反恶意软件 —领先的防病毒保护包括启发式病毒分析，在网关上阻止病毒，蠕虫和其他恶意软件。
Anti-Spam & Email Security - Multi-dimensional protection for the messaging infrastructure stops spam, protects servers and eliminates attacks through email.
反垃圾邮件与邮件安全—为消息架构提供多维的保护，阻止了垃圾邮件，保护了服务器和消除了通过邮件的攻击。
Advanced Networking - Adds dynamic routing, multicast support and Quality of Service (QOS) to security gateways.
高级网络—在安全网关上增加了动态路由，组播支持和服务质量（QoS）
Acceleration & Clustering - Patented SecureXL and ClusterXL technologies provide wire speed packet inspection, high availability and load sharing.
加速与集群—专利的SecureXL和ClusterXL技术提供了线速包检查，高可用和负载均衡。
Voice over IP - More than 60 VoIP application defenses and advanced QoS methods protect the VoIP infranstructure from attacks such as denial of service while delivering high voice quality.
IP语音—多于60种的VoIP应用防御和高级QoS方法保护VoIP基础架构免受诸如拒绝服务的攻击，而提供高质量的语音。

[ 本帖最后由 liuxingyuan 于 2009-2-28 22:19 编辑 ]

liuxingyuan

Security Management Software Blades（安全管理软件刀片）

Network Policy Management - Comprehensive network security policy management for Check Point gateways and blades via SmartDashboard, a single, unified console
网络策略管理—综合的网络安全策略管理，通过SmartDashboard，一个单一的，统一的控制台管理Check Point网关和刀片。
Endpoint Policy Management - Centrally deploy, manage, monitor and enforce security policy for all endpoint devices across any sized organization.
端点策略管理—集中的部署，管理，监视和增强的安全策略，适用于各种规模组织的所有端点设备。
Logging & Status - Comprehensive information in the form of logs and a complete visual picture of changes to gateways, tunnels, remove users and security activities
日志和状态—全面的信息用完全的图形化的方式记录了网关，隧道的变化，用户的移出和安全地活动。
Monitoring - A complete view of network and security performance, enabling fast response to changes in traffic patterns and security events.
监视 —一个网络和安全性能的完整视图，能对流量参数的变数和安全事件快速响应。
Management Portal - Extends a browser-based view of security policies to outside groups such as support staff while maintaining central policy control
管理入口—扩展了基于浏览器的安全策略视图，支持外部群体，诸如需要维护中心策略控制的支持人员。
User Directory - Enables Check Point gateways to leverage LDAP-based user information stores, eliminating the risks associated with manually maintaining and synchronizing redundant data stores.
用户目录—使Check Point网关利用基于LDAP的用户信息存储，消除了手工维护和同步冗余数据存储的风险。
IPS Event Analysis - Complete IPS event management system providing situational visibility, easy to use forensic tools, and reporting.
IPS事件分析—完整的IPS事件管理系统，提供情景可见，易于使用的取证工具和报告。
Provisioning - Provides centralized administration and provisioning of Check Point security devices via a single management console.
供应—通过单一的管理控制台提供了集中的管理和Check Point安全设备的供应。
Reporting - Turns vast amounts of security and network data into graphical, easy-to-understand reports.
报告—整合大量的安全和网络数据为图形化的易于理解的报告。
Event Correlation - Centralized, real-time security event correlation and management for Check Point and third-party devices.
事件关联—集中的，实时地安全事件关联和管理，管理Check Point设备和第三方设备。

[ 本帖最后由 liuxingyuan 于 2009-2-28 22:20 编辑 ]

liuxingyuan

Systems（系统）
To help ease configuration, Check Point has developed several pre-defined bundles composed of a container and software blades.
为帮助容易的配置，Check Point已经发布了几个预定义的集合，由一个容器和软件刀片组成。



Small offices and branches
（小型办公环境和分支机构）
² SG103 and SG106 security gateways （SG103和SG106安全网关）
² SM1003 security management system.（SM1003安全管理系统）
Medium sized companies and offices （中型企业和办公环境）
² SG203, SG205 and SG207 security gateways （SG203，SG205和SG207安全网关）
² SM2506 security management （SM2506安全管理）
High performance offices of any size （任何规模的高性能要求办公环境）
² SG405 and SG407 security gateways （SG405和SG407安全网关）
² SM2506 and SMU007 security management （SM2506和SMU007安全管理）
Large enterprises, campuses and data centers with demanding performance needs （大型企业，园区和数据中心，严格性能需要的环境）
² SG805 security gateway （SG805安全网关）
² SMU007 security management （SMU007安全管理）

liuxingyuan

Check Point Security Gateway Systems （Check Point安全网关系统）
Series 100 - An ideal security solution for the small office. A 1 core system, limited to 50 users and recommended up to 8 ports
Series 100—小型办公环境的一个理性安全解决方案，1个核心系统，限制50个用户和推荐不超过8个端口。

Model	Software Blades	Description
SG103	Firewall, VPN, IPS	An entry level security gateway to provide critical protection the small or branch offices
SG106	Firewall, VPN, IPS, Anti-Spam & Email Security, URL Filtering, Antivirus & Anti-Malware	An ideal XTM ( eXtensible Threat Management) security gateway providing Total Security for the small and branch office

型号	软件刀片	描述
SG103	Firewall, VPN, IPS	入门级安全网关，对小型和分支机构提供关键的保护
SG106	Firewall, VPN, IPS, Anti-Spam & Email Security, URL Filtering, Antivirus & Anti-Malware	理性的XTM（扩展威胁管理）安全网关，为小型和分支办公环境提供全面安全

Series 200 - A cost-effective security platform for mid-size companies and offices. A 2 core system, limited to 500 users and recommended up to 12 ports.
200系列—一个经济的安全平台，用于中型企业和办公室。2核心系统，限制500个用户和推荐不超过12个端口。

Model	Software Blades	Description
SG203	Firewall, VPN, IPS	An entry level security gateway to provide critical protection for mid-sized companies and offices
SG205	Firewall, IPSEC VPN, IPS, Advanced Networking, Acceleration & Clustering	High-performance security gateway for mid-sized companies and offices with demanding network environments
SG207	Firewall, VPN, IPS, Anti-Spam & Email Security, URL Filtering, Antivirus & Anti-Malware, Acceleration & Clustering	Most comprehensive XTM (eXtensible Threat Management) security gateway with high performance capabilities for mid-sized companies and offices

型号	软件刀片	描述
SG203	Firewall, VPN, IPS	入门级安全网关为中型企业和办公室提供关键的保护
SG205	Firewall, IPSEC VPN, IPS, Advanced Networking, Acceleration & Clustering	高性能安全网关，用于网络高性能的中型企业和办公室
SG207	Firewall, VPN, IPS, Anti-Spam & Email Security, URL Filtering, Antivirus & Anti-Malware, Acceleration & Clustering	最综合XTM（扩展威胁管理）高性能安全网关，用于中型企业和办公环境。

[ 本帖最后由 liuxingyuan 于 2009-3-1 13:58 编辑 ]

liuxingyuan

Series 400 - For offices of any size requiring high performance. A 4 core system, unlimited number of users and recommended up to 16 ports.
400系列—用于任何规模要求高性能的办公环境。一个4核心系统，无限制用户，推荐不超过16个端口

Model	Software Blades	Description
SG405	Firewall, VPN, IPS, Advanced Networking, Acceleration & Clustering	High performance security gateway for company of any size
SG407	Firewall, VPN, IPS, Anti-Spam & Email Security, URL Filtering, Antivirus & Anti-Malware, Acceleration & Clustering	Most comprehensive XTM (eXtensible Threat Management) security gateway for offices of any size requiring high performance

型号	软件刀片	描述
SG405	Firewall, VPN, IPS, Advanced Networking, Acceleration & Clustering	高性能的安全网关，用于任何规模的企业
SG407	Firewall, VPN, IPS, Anti-Spam & Email Security, URL Filtering, Antivirus & Anti-Malware, Acceleration & Clustering	最综合XTM（扩展威胁管理）安全网关，用于任何规模的要求高性能的办公环境

Series 800 - Designed for the most demanding highest performance environments, the Series 800 security gateway is ideal for the large campus and data center. It is optimized for 8 core system.
800系列—为那些最严格高性能的环境设计。800系列安全网关是大型企业和数据中心的理想选择，为8核心系统进行了优化。

Model	Software Blades	Description
SG805	Firewall, VPN, IPS, Advanced Networking, Acceleration & Clustering	High-performance security gateway for the most demanding performance environments.

型号	软件刀片	描述
SG805	Firewall, VPN, IPS, Advanced Networking, Acceleration & Clustering	高性能的安全网关，用于最严格要求性能的环境

liuxingyuan

Check Point Security Management Systems（Check Point安全管理系统）

Model	Software Blades	Description
SM1003	Network Policy Management, Endpoint Policy Management, and Logging and Status	Ideal entry level central security management solution for small organizations.   Manages up to 10 gateways
SM2506	Network Policy Management, Endpoint Policy Management, Logging and Status, Monitoring, IPS Event Analysis, and Provisioning	A cost-effective central security management for medium size companies and offices with advanced capabilities. Manages up to 25 gateways
SMU007	Network Policy Management, Endpoint Policy Management, Logging and Status, Monitoring, IPS Event Analysis, Provisioning and User Directory	Industry leading central security management solutions for large enterprises. Unlimited number of gateways

型号	软件刀片	Description
SM1003	Network Policy Management, Endpoint Policy Management, and Logging and Status	理想的入门级安全管理方案，用于小型组织，管理不超过10个网关
SM2506	Network Policy Management, Endpoint Policy Management, Logging and Status, Monitoring, IPS Event Analysis, and Provisioning	一个经济的集中安全管理系统，用于高性能力的中型企业和办公环境，管理不超过25个网关。
SMU007	Network Policy Management, Endpoint Policy Management, Logging and Status, Monitoring, IPS Event Analysis, Provisioning and User Directory	业界领导级集中安全管理方案，不限制网关的数量

liuxingyuan

Firewall Software Blade（防火墙软件刀片）

Overview（概述）
Check Point Firewall Software Blade is the world’s most proven firewall solution trusted to secure 100% of the Fortune 100. The Firewall Software Blade provides the highest level of security, with access control, application security, authentication and Network Address Translation (NAT) available to block unauthorized network users and protect enterprise users and data. The Firewall Software Blade leverages the Security Management Software Blades, enabling remote intelligent management with maximum efficiency.
Check Point 防火墙软件刀片是世界上最值得信赖的防火墙，为财富100强提供了100%的安全。防火墙软件刀片提供了最高级别的安全，使用访问控制，应用程序安全，认证和网络地址翻译（NAT）阻止未授权的网络用户，保护企业用户和数据。防火墙软件刀片联合安全管理软件刀片，能够进行远程智能管理获取最大性能。
Using INSPECT, the most adaptive and intelligent inspection technology available, the Firewall Software Blade integrates both network and application-layer protection. INSPECT supports a large range of protocols and application and easily extensible to support new ones without requiring massive software upgrades. Every Check Point Security Gateway includes the Firewall Software Blade.
使用INSPECT，最适用和智能的检测技术，防火墙软件刀片集成了网络和应用层的保护。INSPECT支持大量的协议和应用，并且容易扩展以支持新出现的应用，不要求大量的软件升级。每一个Check Point安全网关包含防火墙软件刀片。
Check Point pioneered and patented Stateful Inspections. U.S. Patent # 5,606,668, issued on February 25, 1997, covers, among other things, Check Point Software's implementation of "Stateful Inspection" technology for controlling network traffic, which includes a flexible, easily-alterable network security method for examining the information flow into and out of a network and making security decisions based on previously stored results.
Check Point发明和拥有状态化检测专利，U.S.专利号5,606,668，1997年2月25日分配。为控制网络流量的Check Point软件实现“状态化检测”，包括了一个灵活的，易于改变的网络网络安全方法，仔细检查流进流出网络的信息流，基于以前存储的结果作出安全判定。
Key Benefits （主要优点）
² The Check Point Firewall Software Blade protects 100% of the Fortune 100 （Check Point 防火墙保护了100%的财富100强）
² Comprehensive network and application firewall with access control, attack protection, application security, authentication and Network Address Translation (NAT) （综合的网络和应用防火墙，提供访问控制，攻击防护，应用安全，认证和网络地址转换（NAT））
² Comprehensive network and application firewall （综合网络和应用防火墙）
² Industry-leading and tight integration with Check Point Security Management Software Blades and Check Point Security Gateway Software Blades （业界领导，紧密集成Check Point安全管理软件刀片和Check Point安全网关软件刀片）
² High performance（高性能）
² Multi-platform support（多平台支持）

[ 本帖最后由 liuxingyuan 于 2009-3-1 14:05 编辑 ]

liuxingyuan

Feature（特性）
Access Control （访问控制）
Authentication （认证）
Network Address Translation (NAT) （网络地址转换NAT）
ISP Redundancy （ISP冗余）
Bridge Mode （桥模式）
Access Control （访问控制）
Network administrators need the means to securely control access to resources such as networks, hosts, network services and protocols. Determining what resources can be accessed, and how, is the responsibility of Access Control.
网络管理员需要对资源进行安全的访问控制，这些资源包括网络，主机，网络服务和协议。决定哪些资源能够被访问，怎样被访问是访问控制的责任。
Authentication （认证）
Authentication confirms the identity of valid users authorized to access your company network. Staff from different departments are assigned access permissions based on their level of responsibility and role within the organization. Authentication ensures that all users trying to access the system are valid users, but does not define their access rights.
认证确认了合法用户授权访问您公司网络的标识。不同部门的职员基于他们的可信赖级别和公司的规则获取访问许可。认证确保了所有试图访问系统的用户是合法的用户，但是没有定义他们的访问权限。
Network Address Translation (NAT) （网络地址转换（NAT））
Whether computers have routable or non-routable addresses, the administrator may want to conceal their real addresses for security reasons, for example, to ensure that addresses cannot be seen from outside the organization or from other parts of the same organization. A network’s internal address contains the topology of the network and therefore hiding this information greatly enhances security.
不管公司具有可路由或不可路由的地址，管理员可能处于安全的原因隐藏他们真实的地址。例如，确保地址不能被组织外部或相同组织的其他部门看到。一个网络的内部地址包含了网络的拓扑结构因而隐藏这些信息极大地增强了安全。
ISP Redundancy（ISP冗余）
ISP Redundancy assures reliable Internet connectivity by allowing a single or clustered security gateway to connect to the Internet through redundant Internet Service Provider (ISP) links. This feature is part of the standard Firewall installation and does not require costly new networking hardware or specialized knowledge to operate. Two modes are available: Load Sharing and Primary/Backup.
ISP 冗余确保了可靠的Internet连接，允许单一或集群的安全网关通过冗余的ISP链路连接到Internet。这个功能是标准防火墙安装的一部分，不需要高昂的网络硬件和特殊的操作知识。两种模式可以实现：负载均衡和主要/备份。
Bridge Mode（桥模式）
A security gateway in bridge mode operates as a regular firewall, inspecting traffic and dropping or blocking unauthorized or unsafe traffic. A security gateway in bridge mode is invisible to all Layer-3 traffic. When authorized traffic arrives at the gateway, it is passed from one interface to another through a procedure known as bridging. Bridging creates a Layer-2 relationship between two or more interfaces, whereby any traffic that enters one interface always exits the other. This way, the firewall can inspect and forward traffic without interfering with the original IP routing.
安全网关在桥模式下的操作如同正常的防火墙，检测流量并丢弃或阻止未授权或不安全的流量。安全网关的桥模式对于所有三层流量是不可见的。当未授权的流量到达网关时，它从一个接口到达另一个接口即为桥。桥接在两个或多个接口之间创建了二层的联系，凭借与此，那些进入一个接口的任何流量总是从另一个出去。通过这种途径，防火墙能够检查和转发流量，而不改变原始的IP路由。

liuxingyuan

IPSEC VPN Software Blade（IPSEC VPN软件刀片）

Overview （概述）
Check Point's VPN Software Blade is an integrated software solution that provides secure connectivity to corporate networks, remote and mobile users, branch offices and business partners. The blade integrates access control, authentication and encryption to guarantee the security of network connections over the public Internet.
Check Point的VPN软件刀片是集成的软件方案，提供了安全到公司网络的连接，包括远程和移动用户，分支机构和商业伙伴。该刀片集成了访问控制，认证和加密保证了通过公共Internet的网络连接的安全。
Key Benefits （主要优点）
² Simple, centralized management of remote access and site-to-site VPNs （简单，集中化的远程访问和站点到站点VPN的管理）
² Enhanced IPsec VPN security （增强的IPSec VPN安全）
Multiple remote access VPN connectivity modes to support road warriors from all locations and networks （多种远程访问VPN连接模式支持在所有地点和网络的路客）

liuxingyuan

Features（特性）
Simplified Site-to-Site VPN （简化的站点-到-站点VPN）
Multiple VPN Creation Methods （多种VPN创建方法）
Enhanced IPsec VPN Security （增强的IPSec VPN安全）
Flexible Remote Access Support （灵活的远程访问支持）
Multiple Remote Access VPN Connectivity Modes （多种远程访问VPN连接模式）
Simplified Site-to-Site VPN （简化站点-到-站点VPN）
The IPsec Software Blade provides a unified method to create and manage complex VPNs. The SmartDashboard enables administrators to define participating gateways—including third-party gateways—in large-scale VPNs. VPN gateways can be configured for both star and mesh topologies in minutes with an integrated certificate authority to manage keys.
IPSec软件刀片提供了创建和管理复杂VPN的统一的方法。SmartDashboard使管理员能定义参与的网关-包括第三方网关-在一个巨大的VPN中。VPN网关能在几分钟内被配置成星型和mesh拓扑结构并集成了证书认证授权管理密钥。
Multiple VPN Creation Methods （多种VPN创建方法）
Route-based VPNs—administrators define what traffic should be encrypted by VPN rules, enabling the creation of complex large-scale site-to-site VPNs in dynamic environments. Route-based VPNs also support the extension of dynamic routing and multicast communities across VPNs.
基于路由的VPN—管理员使用VPN规则定义什么样的流露必须被加密，使得在动态环境的复杂大型站点-到-站点的VPNs创建成为可能。基于路由的VPN也支持动态路由扩展和组播通信通过VPNs。
Domain-based VPNs—administrators define which resources behind the gateway should have encrypted VPN traffic.
基于域的VPNs—管理员定义在网关后的哪些资源应该被VPN加密。
Enhanced IPsec VPN Security （增强的IPSec VPN安全）
A key element in Check Point’s philosophy is that VPN connectivity must be matched with a high level of security. The IPsec Software Blade enables you to connect remote users, sites, and partners without worrying that your VPN will become a network backdoor. At your discretion, the IPsec blade can apply the entire security policy to encrypted traffic, a subset of traffic, or allow VPN traffic to enter uninspected.
在Check Point的观点中的一个主要元素是，VPN的连接必须匹配那些高级别的安全。IPSec软件刀片使您能连接远程用户，站点，和合作伙伴，而不必担心你的VPN会成为网络的一个后门。您可以自由决定，IPSec刀片可被用于整体安全策略加密流量，或流量的一个子集，或允许VPN流量不被检查。
In addition, the IPsec Software Blade provides strong security for the VPN against DoS attacks such as those directed against the Internet Key Exchange (IKE) mechanism. The IPsec blade implements a unique solution for IKE DoS, asking unknown gateways attempting to connect to solve a computationally intensive problem before allocating resources.
另外，IPSec软件刀片提供了强大的VPN安全抵御DoS攻击，诸如那些针对IKE机制的攻击。IPSec刀片实现了唯一的IKE DoS解决方案，在分配资源之前，要求未知网关尝试去连接去解决计算密集型问题。
Flexible Remote Access Support（灵活的远程访问支持）
Every enterprise has unique requirements for remote access. The IPsec Software Blade provides flexibility to design a solution to meet your needs with a number of remote access VPN client choices.
每一个企业对于远程访问都有独特的需求。IPSec软件刀片使用了多种远程访问VPN客户端选择，为设计满足您的需求的方案提供了灵活性支持。
² Check Point Endpoint Security—Check Point Endpoint Security is the first single agent for total endpoint security that combines a remote access VPN with the highest-rated firewall, network access control (NAC), program control, antivirus, anti-spyware, and data security features. （Check Point端点安全—Check Point端点安全是首个全面端点安全的单一代理组合了远程访问VPN，使用高速防火墙，网络访问控制（NAC）程序控制，反病毒，反垃圾邮件和数据安全特性）
² SecuRemote—SecuRemote is a basic VPN client that offers IPsec connectivity for remote users.（SecuRemote—SecuRemote是基本VPN客户端为远程用户提供了IPSec连接）
² SecureClient—SecureClient is an advanced VPN client that offers IPsec connectivity for remote users. （SecureClient—SecureClient是高级VPN客户端，为远程用户提供了IPSec连接）
² SecureClient Mobile—SecureClient Mobile delivers firewall protection and secure, uninterrupted remote access for wireless devices such as mobile phones.（SecureClient Mobile—SecureClient Mobile为无线设备（例如移动电话）提供了防火墙保护和安全不中断的远程访问。
² L2TP for iPhone—Support for the iPhone’s built-in L2TP VPN client.（L2TP for iPhone—支持内建L2TPVPN客户端的iPhone）