Check Point 发布了基于全新软件Blade架构的最新安全网关和管理产品R70-中文全球首发

liuxingyuan

Voice over IP (VoIP) Software Blade （VoIP软件刀片）

Overview（概述）
The Check Point security family enables you to deploy VoIP applications such as telephony or video conferencing without introducing new security threats or needing to redesign your network. Because worms and VoIP-specific Denial of Service attacks can take IP phone services down, the Check Point family delivers an evolving solution that understands and protects against existing and new threats that may disrupt business continuity. Check Point solutions also reduce the complexity of VoIP deployment by eliminating such common pain points as incompatibility between VoIP and Network Address Translation.
Check Point安全家族能让您部署VoIP应用程序比如：电话，视频会议等，且不会带来新的安全威胁或重新设计你的网络的需要。因为蠕虫和特定的VoIP拒绝服务攻击可以使IP电话服务当机，Check Point家族提供了一个不断发展的方案，能理解和阻止现有的和新的威胁，这些威胁可能中断业务的连续性。Check Point解决方案也降低了VoIP部署的复杂性，消除了网络地址转换和VoIP之间的不兼容。
Key Benefits （主要优点）
² Increases protection and availability of VoIP against worms and attacks on a converged network（在一个融合的网络上增强保护和提高VoIP的利用，抵御蠕虫和攻击）
² Decreases likelihood of fraud and theft of VoIP services（减少诈骗和偷窃VoIP服务的可能）
² Reduces costs of VoIP deployment by enabling it to work with NAT and other existing network elements （减少了VoIP的部署成本，与NAT和其他现存网络元素协同工作）
² Simplifies extension of VoIP to remote offices and workers （对远程办公室和工作者简化了VoIP扩展）
² Provides preemptive protection for both the VoIP network and the underlying infrastructure（为VoIP网络和基础架构提供抢先的保护）

[ 本帖最后由 liuxingyuan 于 2009-3-2 00:48 编辑 ]

liuxingyuan

Features（特性）
Enabling complex, diverse VoIP protocols （支持复杂，多变的VoIP协议）
Protecting the converged network（保护融合的网络）
Delivering high voice quality（提供高质量的语音）
Solving the NAT problem（解决NAT问题）
Enabling complex, diverse VoIP protocols （支持复杂多变的VoIP协议）
Companies can choose from among a host of VoIP protocols—all which function completely differently and interact with security in ways that traditional firewalls cannot handle. Voice over IP Software Blade delivers the most intelligent security for the widest variety of VoIP protocols available in a perimeter security solution. The intelligent security of the Voice over IP Software Blade delivers two benefits that other perimeter solutions do not. First, it enables complete inspection of both the network layer and the payload—where additional VoIP data is placed. Second, because Check Point Security Gateways were developed to be aware of how VoIP sessions should work, it can detect and stop malicious VoIP activity without administrator interaction.
企业能选择多种主机VoIP协议—所有这些功能是完全不同，传统的防火墙无法安全的处理。VoIP软件刀片提供了最智能的安全解决方案，满足各种不断变化VoIP协议。VoIP软件刀片的智能安全提供其他方案所不能提供的好处，第一，它能完全的检查网络层和负载（VoIP数据存放处）。第二，因为Check Point安全网络被部署并知道VoIP会话怎样去工作，它能检测并阻止恶意的VoIP活动，并不需要管理员的参与。
Protecting the converged network（保护融合的网络）
Placing voice traffic on the data network exposes it to traditional data attacks. The Voice over IP Software Blade goes beyond simple support for VoIP protocols to an awareness of how VoIP works, providing preemptive protection for both the VoIP network and the underlying infrastructure.
将语音流量放置在数据网络中，使之遭受传统数据的攻击。VoIP软件刀片超乎简单支持VoIP协议知道VoIP怎样去工作，为VoIP网络和基础架构提供优先保护。
Delivering high voice quality（提供高质量的语音）
A major concern for VoIP deployments is maintaining the high level of voice quality people are used to from traditional phone services. The Voice over IP Software Blade integrates Quality of Service (QoS) mechanisms to ensure that the quality of voice traffic is not reduced while still maintaining a high level of security.
部署VoIP的关心的问题是保持同人们使用的传统电话服务一样的高水平语音质量。VoIP软件刀片集成了QoS机制确保了语音流的质量不被降低，同时仍旧维持一个高水平的安全。
Solving the NAT problem（解决NAT问题）
Network address translation (NAT) is a common security function that is often incompatible with VoIP deployment. The Voice over IP Software Blade provides the greatest range of deployment options for VoIP in a NAT environment without the use of third-party products.
网络地址转换（NAT）是一个常见的安全功能，经常与VoIP部署不兼容。VoIP软件刀片提供了极大范围的部署选项以支持VoIP的NAT环境，不需要使用第三方产品。

liuxingyuan

Acceleration & Clustering Software Blade（加速和集群软件刀片）

Overview （概述）
The Check Point Acceleration and Clustering Software Blade delivers of set of advanced technologies that work together to maximize performance and security in high-performance environments. These include:
Check Point加速和集群软件刀片提供了高级特性集合，用于最大的性能和高性能的安全环境，包括：
² SecureXL: Security acceleration （SecureXL:安全加速）
A technology patented by Check Point, SecureXL is a software package that provides acceleration of multiple, intensive security operations, including operations that are carried out by a Stateful Inspection firewall from Check Point. Through SecureXL, this firewall can offload the handling of those operations to a performance-optimized software module that runs in the firewall kernel.
Check Point的专利技术，SecureXL是一个软件包，提供了多种加速，加强了安全操作，包括通过Check Point SecureXL的状态化检测防火墙。这类防火墙能处理性能优化软件操作，运行在防火墙核心层。
² CoreXL: Multicore acceleration（CoreXL：多核心加速）
The first security technology to fully leverage general-purpose multicore processors, CoreXL introduces advanced load balancing to increase throughput for the deep inspection required to achieve intrusion prevention on the firewall. Providing increased performance for security functions that have previously been unaccelerated, such as intrusion prevention, it is designed to allow networks to have high performance as well as a high level of security.
安全技术由于普遍使用的多核心处理器而改变，CoreXL提供了高级负载均衡提高了深度检测的吞吐量，在那些要求入侵检测的防火墙上。提供了那些以前未必加速的安全功能的性能，比如：入侵防御。它的设计允许网络具有高性能的同时具有高安全水平。
² ClusterXL: Smart Load Balancing （ClusterXL：智能负载均衡）
ClusterXL provides high availability and load sharing to keep businesses running. It distributes traffic between clusters of redundant gateways so that the computing capacity of multiple machines may be combined to increase total throughput. If an individual gateway becomes unreachable, all connections are redirected to a designated backup without interruption. Tight integration with Check Point management and enforcement points ensures simple deployment.
ClusterXL提供了高可用和负载均衡，保持企业的运行。它将流量分布在冗余网关的集群之间，多机器的计算能力联合增强了整体的吞吐量。如果一个网关变得不可达，所有的连接被重定向到指定的备份，并不带来中断。与Check Point管理和强制点的无缝集成确保了简单的部署。
Key Benefits （主要性能）
² Enables organizations to deploy high levels of application security at high-performance levels（使组织在高性能水平上部署高水平的应用程序安全）
² Provides predictable performance as new threats appear（在新威胁出现时提供可预见的性能）
² Accelerates performance for multimedia or transaction-oriented applications（为多媒体或面向事务的应用程序加速性能）
² Transparent failover（透明容错）
² Effective load distribution（有效负载分布）
² Easy deployment（易于部署）

liuxingyuan

Features（特性）
Security acceleration（安全加速）
Multi-core CPU support（多核CPU支持）
Gateway clustering（网关集群）
Scales as new protections are added（新保护增加）
Security acceleration（安全加速）
SecureXL™, Check Point-patented security acceleration technology, removes latency associated with intense security processing by creating a special device layer that can make security decisions earlier. In both servers and dedicated appliances, performance is affected negatively by memory, system-bus, and CPU speed as traffic passes through a system. By creating a SecureXL device layer, VPN-1 enables security decisions to be made at a lower application level to remove roadblocks associated with poor performance.
SecureXL，Check Point专利安全加速技术，消除了安全进程相关的延迟，创建了一个特殊的设备层，能早期作出安全决策。不论服务器和专注的设备，当流量通过一个系统时，性能受到内存，系统总线和CPU速度的影响。通过创建一个SecureXL设备层，VPN-1能在低应用层次上做安全决策，消除了低性能的瓶颈。
After the start of a transaction, if a packet is examined using traditional security methods and is determined to be safe, the SecureXL device layer takes over responsibility for examining any remaining packets—cutting out latency caused by hardware design. SecureXL can be implemented at both a hardware layer using network processors, as is done on some “Secured by Check Point” appliances from our hardware partners, or at a virtualized software layer on open servers.
在传输开始之后，如果数据包审查使用传统的安全方法和判定它是安全的，SecureXL设备层接管审查剩余的数据包的响应（消除了硬件设计造成的延迟）。SecureXL能使用网络处理器实现在硬件层（Check Point 安全认证的硬件合作伙伴），也能在开放的服务器上实现在虚拟的软件层。
Multi-core CPU support（多核CPU支持）
Multi-core CPUs, which are being used more and more in servers, enable Check Point Security Gateways to share traffic among cores of a single system, providing superior price/performance in one server. The combination of multi-core CPUs and multi-threaded SecureXL security application technology is the foundation for the next generation of security acceleration— application-layer security. By joining a multi-core CPU with SecureXL security acceleration, VPN-1 Power delivers more than 10 Gbps of intrusion prevention.
多核CPUs，在服务器上被越来越多地使用，使Check Point安全网关在一个单一系统的核心之间共享流量，在一个服务器上提高较好的性价比。多核CPU和多线程SecureXL安全设备技术的联合是下一代安全加速的基本原理（即应用层安全）。通过在SecureXL安全加速上加入多核CPU，VPN-1 Power提供了高达10Gbps的入侵预防能力。
Gateway clustering（网关集群）
To provide acceleration as well as enhanced reliability, organizations can use ClusterXL to cluster multiple VPN-1 security gateways to improve performance. ClusterXL combines stateful failover of security functions with the ability to dynamically share traffic loads among multiple gateways. This enables near-linear scalability for large deployments without the cost of separate load-balancing equipment.
为提供加速和增强的可靠性，组织使用CluserXL集群多个VPN-1安全网关去提高性能。CluserXL组合了状态化故障恢复安全功能，提供了在多个网关间动态共享流量负载的能力。这使得大型部署接近线速处理能力，没有增加负载均衡设备的成本。
Scales as new protections are added（新保护的增加）
Because Check Point security gateways are software-based solutions, it is possible for organizations to quickly take advantage of open-system hardware improvements such as multi-core CPUs or improved memory or bus speeds. By avoiding closed architectures—like those found in specialized security hardware that rely on ASICs, which cannot adapt to new threats for performance acceleration—VPN-1 security gateways enable you to maintain security against evolving threats without compromising on performance.
因为Check Point安全网关是基于软件的解决方案，这使得组织能在一个开放系统上增加诸如多核或提高内存或总线速度而获得好处成为可能。通过避免封闭式架构（比如依赖于ASICS的安全硬件）无法适应新威胁的性能加速，VPN-1安全网关使你能维护安全抵御不断演化的威胁，且不造成性能损失。

liuxingyuan

Network Policy Management Software Blade（网络协议管理软件刀片）

Overview（概述）
In the face of increasingly sophisticated attacks, it takes multiple layers of security to be protected today—at the perimeter, inside the network, at all user endpoints. How can you manage the growing complexity? Check Point’s Network Policy Management Software Blade gives you control over configuring and managing even the most complex security deployments. Based on Check Point's unified security architecture, the Network Policy Management Software Blade provides comprehensive security policy management using SmartDashboard – a single, unified console for all security functionalities.
面对日益复杂的攻击，今天，安全的多个层次必须被支持，包括周边，网络内部，用户端点。你怎样管理日益复杂的环境呢？Check Point管理软件刀片为您提供了控制和管理甚至复杂安全部署的能力。基于Check Point的统一安全架构，网络策略管理软件刀片提供了综合的安全策略管理，使用了SmartDashboard，提供所有安全功能的单一的，统一的控制台。
Key Benefits（主要优点）
² Maximizes operational efficiency（最大化操作效率）
² Ensures consistent policy enforcement（确保强制策略的一致）
² Intuitive graphical UI（智能感知的图形化UI）
Granular control of administrator privileges（管理员权利的颗粒度控制）

[ 本帖最后由 liuxingyuan 于 2009-3-2 20:45 编辑 ]

liuxingyuan

Features（特性）
Comprehensive Network Policy Management（全面的网络策略管理）
Consistent Policy Enforcement（统一的策略强制）
Intuitive Graphical User Interface（智能图形化用户接口）
Granular Control of Administrator Privileges（管理员权限的细粒度控制）
Comprehensive Network Policy Management （全面网络策略管理）
The Check Point Network Policy Management Software Blade increases operational efficiency by providing a single integrated and unified console for managing network security policy. Configure and administrate all Security Gateway Software Blades—Firewall, VPN, IPS, Web Security, URL Filtering, Anti-Virus & Anti-Malware, Anti-Spam & Email Security, Advanced Networking, Acceleration & Clustering, and Voice over IP—using the Network Policy Management Software Blade.
Check Point网络策略管理软件刀片提供了操作效率，提供单一，综合和统一的管理网络策略的控制台。配置和管理所有的安全网关刀片——防火墙，VPN，IPS，Web安全，URL过滤，反病毒与反恶意软件，反垃圾邮件与邮件安全，高级网络，加速与集群，VoIP——使用网络策略管理软件刀片。
Consistent Policy Enforcement（一致的强制策略）
Network security policies for all Security Gateways in a network can be managed through the same policy, sharing common device and network objects. Managing your Security Gateway Software Blades with a common set of device and network objects enables consistent security policy enforcement throughout your network.
在一个网络的所有安全网关的网络安全策略可通过相同的策略进行管理，共享普通设备和网络对象。管理你的安全网关刀片使用普通设备集合网络对象使你能在您的网络中统一强制策略。
Intuitive Graphical User Interface（智能感知的图形化用户接口）
The Network Policy Management Software Blade provides an intuitive graphical user interface for managing a wide set of security policy functions. IT staff can drag-and-drop objects into policy fields, create policy labels and regions, annotate rules, and easily navigate between Software Blade management tabs. It’s all centrally organized in a single, easy-to-use graphical user interface.
网络策略管理软件刀片提供了智能化管制图形用户接口，管理一个广泛的安全策略功能集。IT人员能拖拽对象到策略的字段，创建策略标签和注册，注释规则，在软件刀片管理tab之间容易的导航。这一切都集中组织在一个单一的，易于使用的图形用户接口内。

Granular Control of Administrator Privileges（管理权限的细粒度控制）
Permission profiles allow advanced customization of administrator privileges, enabling the safe creation of auditor and troubleshooting accounts for auxiliary and support staff. Accounts can be configured to permit Read-Only or Read-Write access to each Software Blade.
许可轮廓允许高级自定义管理员的权限，对于辅助和支持人员的排错河审计创建了安全。账户可以针对每个软件刀片配置为只读或读写访问。

liuxingyuan

Endpoint Policy Management Software Blade（端点策略管理软件刀片）

Overview（概述）
Enterprises have typically deployed some standalone point solutions for endpoint security such as a personal firewall or antivirus software. This approach quickly becomes a management nightmare in organizations with hundreds or thousands of PCs. For example, each time a software update is available for individual endpoint agents, IT must execute a rigorous engineering test cycle to qualify the release for performance and compatibility before pushing the update out to endpoints. Because it is not uncommon for enterprises to have three or more endpoint security agents on each device, implementation can become very time consuming and costly.
为了端点安全，企业拥有典型部署一些单独的解决方案，比如，个人防火墙或反病毒软件。在一个又有成百上千个PCs的环境中这是几乎不可能的。例如，为了单独的端点代理的每一次软件升级，IT必须经过严格的测试周期以保证那些版本的质量和性能后，才能推送到端点进行升级。因为在为一个设备上拥有三个或多个端点代理是常见的，因此每次实现需要极高的花费。
A new strategy is to unify endpoint security with functionality on each PC that is centrally deployed and managed by IT security specialists on a single console. Unification of security functionality allows for simplified deployment and management, which lowers the overall cost of operations. With a unified agent approach, IT will only have to run test cycles for one agent and will have the assurance that each function within that agent is compatible. However, to achieve strong endpoint security, an enterprise should carefully consider functions in a particular unified endpoint solution. Only a comprehensive set of security controls can provide an enterprise with complete endpoint security.
一个全新的策略，单一的端点安全，使IT安全管理员在一个单一的控制台上，部署和管理每一个PC的功能。统一的安全功能允许简单的部署和管理，带来了操作的低成本。使用统一代理，IT只需测试一次，而保证了每个功能在这个代理上是兼容的。然而，为完成强大的端点安全，一个企业应该仔细的考虑在一个特定统一端点解决方案中的功能，一个完整的安全控制策略集能提供给一个企业完全的端点安全。
The Endpoint Policy Management Software Blade enables you to centrally manage the security products you use on your organization's end-user devices. This means that you can take and keep control of computing devices and the sensitive information they contain.
端点策略管理软件刀片能使你集中的管理安全产品，在你组织内使用的端点用户设备。这意味着，您可以采取和继续控制计算设备，和敏感信息。
Key Benefits（主要优点）
² Centralized and delegated management options（集中的和代表级管理选项）
² Central monitoring and reporting on every endpoint security control（在每一个端点安全控制上集中监视和报告）
² Faster security incident discovery, monitoring, and forensics（快速安全骚动发现，监视，和取证）
² Comprehensive reporting and support for audits and compliance（综合的报告支持审计和服从）
² Easier, faster deployment of software using single agent without requiring on-site manual intervention of IT or end users resulting in lower TCO（容易，快速的软件部署使用单一代理，不需要IT人员和终端用户站上手工干预，导致地的TCO）
Unification of endpoint security with network security event management（统一的端点安全和网络安全事件管理）

[ 本帖最后由 liuxingyuan 于 2009-3-2 20:49 编辑 ]

liuxingyuan

Features（特性）
Firewall Rules（防火墙规则）
Access Zones and Zone Rules（访问区域和区域规则）
Program Control Policies（程序控制策略）
Program Advisor Service Policies（程序顾问服务策略）
Program Enforcement Policies（程序强制策略）
Cooperative Enforcement&#reg; Policies（遵从性强直策略）
Check Point Antispyware Policies（Check Point反间谍软件策略）
Check Point Antivirus Policies（Check Point反病毒策略）
Firewall Rules（防火墙规则）
Provides same the level of security as standard perimeter firewalls by restricting or allowing network activity based on connection information
作为标准的周边防火墙提供相同的安全水平，基于连接信息限制和允许网络的活动。
Access Zones and Zone Rules（访问区域和区域规则）
Provides network security through creating groups of locations to which you assign network permissions（通过创建位置组提供网络的安全，关联网络的访问许可）
Program Control Policies （程序控制策略）
Restricts network access on a per-application basis（在每一应用的基础上限制网络的访问）
Program Advisor Service Policies（程序顾问服务策略）
Automates application control management（自动应用程序控制管理）
Program Enforcement Policies（程序强制性策略）
Ensures that every Endpoint computer meets application and version requirements before it connects to the network. For example, using Program Enforcement, you can require that Endpoint computers have a certain version of Antivirus protection
在它连接到网络之前，确保每个端点计算机满足应用和版本要求。例如，使用程序强制，你能要求端点计算机必须安装特定版本的防病毒软件。
Cooperative Enforcement&#reg; Policies（合作强制策略）
Restricts or disconnects noncompliant users at the network access/authorization level（在网络访问/授权层次上限制或断开不服从的用户）
Check Point Antispyware Policies（Check Point反间谍软件策略）
Protects your company’s data by detecting and removing spyware（通过检测和删除间谍软件，保护你的计算机数据）
Check Point Antivirus Policies（Check Point反病毒策略）
Provides centrally-managed antivirus protection to your Endpoint users（提供集中管理你的终端用户的病毒防护）

liuxingyuan

Logging & Status Software Blade（日志与状态软件刀片）

Overview（概述）
The Logging and Status Software Blade provides comprehensive information on security activity in the form of logs and a complete visual picture of changes to gateways, tunnels, remote users, and security activities.
日志与状态软件刀片提供了安全活动的综合信息，日志的形式，是一个完整的可视视图，包括网关，隧道，远程用户和安全活动的改变
Logging Overview（日志概述）
Check Point products provide you with the ability to collect comprehensive information on your network activity in the form of logs. You can then analyze your traffic patterns, troubleshoot networking and security issues, gather information for legal or audit purposes, and generate reports to analyze network traffic patterns.
Check Point产品为你提供了收集综合信息的能力，是安全活动的日志形式。你能分析你的流量模式，排错网络和安全问题，收集信息，满足合法审计的目的，产生报告分析网络流量模式。
The SmartCenter server makes these logs available for inspection via SmartView Tracker, a comprehensive auditing solution, enabling central management of both active and old logs of all Check Point products. You can conveniently customize searches to address specific tracking needs; integrate the logs with Check Point's Reporting Software Blade or the Event Correlation Software Blade, export them to text files or to an external database, or use an OPSEC certified third party solution.
SmartCenter服务器通过SmartView Tracker使这些日志可见，一个综合审计解决方案，能集中管理所有Check Point产品活动的或旧的日志，你能方便自定义搜索以满足特定的跟踪需求；与Check Point报告软件刀片或事件关联软件刀片集成，输出它们为文本文件或到一个外部的数据库，或使用OPSEC认证的第三方解决方案。
Key Benefits （主要优点）
² Real-time visual tracking of all logged connections and administrator activity（实时可视跟踪连接的日志和管理员的活动）
² Predefined product log queries provides a focused searches on what’s important（预定义的产品查询日志提供了一个聚焦重要事件的搜索。）
² Automatic log maintenance for easy management of volumes of data（自动日志维护，便于管理大量数据）
² Secure management of sensitive data（安全管理敏感数据）

[ 本帖最后由 liuxingyuan 于 2009-3-2 20:53 编辑 ]

liuxingyuan

Logging features（日志特性）
Real-time visibility and troubleshooting（实时可视和排错）
Deployment flexibility（部署灵活）
Automatic log maintenance （自动日志维护）
Tight integration （无缝集成）
Real-time visibility and troubleshooting（实时可视和排错）
SmartView Tracker provides real-time visual tracking of all logged connections and administrator activity. Administrators can filter or search for events of interest.
These features dramatically reduce the time required to troubleshoot configuration errors.
SmartView Track提供了实时地可视追踪所有连接的日志和管理员的活动。管理员能过滤或搜索感兴趣的事件。这些特性极大的减少排除配置错误的时间要求
Deployment flexibility（部署灵活）
Logs can be stored locally on the Firewall Software Blades or a more common configuration is it store logs on a remote Logging and Status Software Blade. The module sends logs to a Logging and Status Software Blade which collects and stores them.
Deployment flexibility means that customers have full control of sensitive data and can size systems to match their particular logging capacity requirements.
日志能被存储在防火墙软件刀片本地，或一个更常用的配置是存储日志到远程的日志和状态软件刀片。该模块发送日志到日志与状态软件刀片，在那里收集和存储它们。部署的灵活性意味着客户拥有对敏感数据的完全控制和匹配他们特定的日志能力需求
Automatic log maintenance（自动日志维护）
Logs are automatically switched when reaching a configurable size and administrators have full management of switched log files to ensure disk space limits are not exceeded.
日志自动的交换当到了一个配置大小，管理员拥有完全的管理交换日志文件控制，确保磁盘空间限制不被超过。
Tight integration （无缝集成）
Customers have multiple options for ensuring that their sensitive data is managed securely and also have multiple options for managing the volumes of data generated by firewall, endpoints, and other enforcement points.
These include Check Point and 3rd party solutions that retrieve Check Point logs using the secure OPSEC LEA API.
客户拥有多个选项确保他们的敏感数据被安全的管理，同时也拥有多个选项管理防火墙，端点和其他强制点产生的数据量。这些包括Check Point和第三方解决方案，使用了安全的OPSEC LEA API。