Chapter 1. The design of firewall environments 13
gateways using certificates from multiple CAs, and even certificates from
different vendors.
Benefit:
• Enables the establishment of heterogeneous extranets with key business
partners and customers.
High Availability for IPSec/IKE
VPN-1 Gateway V4.1 state table synchronization has been enhanced to
handle IPSec/IKE session information, enabling high availability solutions that
maintain IPSec/IKE connections during fail-over. IPSec/IKE synchronization
and fail-over capabilities support both site-to-site and client-to-site VPN
connections. These enhancements also enable third-party products to
load-balance between VPN-1 Gateways. High availability solutions that
leverage these capabilities are offered both by Check Point and by OPSEC
partners.
Benefits:
• Mission-critical VPN gateways are always available.
• In the event of a failure, users can continue working with complete
transparency.
Hybrid Mode Authentication (New in VPN-1/FireWall-1 V4.1 SP1)
Check Point's Hybrid Mode Authentication for IPSec enables the use of
widely deployed ("legacy") authentication techniques, such as token cards,
RADIUS, and TACACS+, within IPSec VPNs. The hybrid mode authentication
technology is currently an IETF draft, making Check Point the only vendor
with a solution being considered for inclusion into the IPSec standard.
Benefits:
• Strong security through the IPSec standard and the technologies it
supports, such as the Internet Key Exchange (IKE) and Triple DES
encryption.
• Standards-based interoperability that does not require the deployment of
new authentication technologies such as X.509 certificates.
Visual Policy Editor (Formerly known as the Topology GUI) (New in
VPN-1/FireWall-1 V4.1 SP1)
Provides a comprehensive picture of enterprise security deployment by
drawing a map of security objects, such as firewalls, VPNs, servers,