Check Point Security Administration, Module 1: VPN-1 NGX Architecture (Authorized Distributor in Vietnam: Nguyễn Như Bằng)


Page 1
Check Point Security Administration
Module 1: VPN-1 NGX Architecture
Authorized Distributor in Vietnam
Nguyễn Như Bằng

Page 2
Security Administration Course Map
• Module 1: VPN-1 NGX Architecture
• Module 2: Security Policy
• Module 3: Network Address Translation
• Module 4: Monitoring
• Module 5: Disaster Recovery

Page 3
Module 1: VPN-1 NGX Architecture. Introduction
Objectives:
• Describe the purpose of a firewall
• Describe and compare firewall architectures
• Identify the different components of VPN-1 NGX
• Distributed Deployments
• SVN Foundation and SIC
• SmartConsole components
• Lab 1: NGX Stand-alone Installation

Page 4
Describe the purpose of a firewall. Firewall Technologies
A firewall is a system designed to:
• prevent unauthorised access to or from a secured network
• act as a locked security door between internal and external networks
• allow through only data that meets certain criteria
However, note that a firewall can only protect a network from traffic that is filtered through it.

Page 5
Describe and compare firewall architectures. Firewall Technologies
• Packet Filters
• Application-Layer Gateway
• Stateful Inspection

Page 6
Packet Filters
[Figure: Packet Filtering Path in the OSI Model]

Page 7
Application-Layer Gateway
[Figure: Application-Layer Gateway Path]

Page 8
Stateful Inspection
Stateful Inspection Technology, invented by Check Point Software Technologies

Page 9
VPN-1 NGX Architecture
• SmartConsole & SmartDashboard
• SmartCenter (Management)
• Security Gateway (Enforcement)
[Figure: SmartCenter, SmartConsole and Security Gateway]

Page 10
SmartConsole & SmartDashboard
[Figure: SmartConsole]

Page 11
SmartCenter (Management)
• The security policy is defined using SmartDashboard.
• It is then saved to the SmartCenter.
• The SmartCenter maintains the FW-1 databases, including:
  - network object definitions
  - user definitions
  - security policy
  - log files
[Figure: SmartCenter]

Page 12
Security Gateway (Enforcement)
• Deployed on the gateway.
• An inspection script written in INSPECT is generated from the security policy.
• Inspection code is compiled from the script and downloaded to the Security Gateway.
[Figure: Security Gateway]
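The three filter designs compared on pages 4 to 8, and the flow on pages 11 and 12 in which the policy is compiled into inspection code that the gateway enforces, as an added example that is not part of the course slides or of any Check Point code: a small Python simulation that runs the same packets through a stateless packet filter and a stateful inspection gateway. The addresses, the rule base and all class and function names are assumptions made for the example; the compile step is a stand-in for INSPECT code generation, not the real compiler.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Header fields a filter can see (constructed sample values only)."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()


# Constructed rule base in SmartDashboard order: the first matching rule
# decides, and the last rule is the clean-up rule. "any" matches every
# address; any other string matches addresses that start with it.
RULEBASE = [
    {"src": "10.0.0.", "sport": None, "dst": "203.0.113.", "dport": 80, "action": "accept"},
    {"src": "any", "sport": None, "dst": "any", "dport": None, "action": "drop"},
]

# A stateless filter cannot recognise replies, so it needs an explicit
# return-traffic rule. That rule also admits anything sent from port 80.
STATELESS_RULEBASE = [
    RULEBASE[0],
    {"src": "any", "sport": 80, "dst": "10.0.0.", "dport": None, "action": "accept"},
    RULEBASE[1],
]


def _addr_matches(pattern, addr):
    return pattern == "any" or addr.startswith(pattern)


def _port_matches(pattern, port):
    return pattern is None or pattern == port


def compile_rulebase(rules):
    """Compile the rule base into (predicate, action) pairs. This stands in
    for the inspection code generated from the policy: the enforcement
    point evaluates the compiled form, not the rule base itself."""
    compiled = []
    for rule in rules:
        def matches(pkt, rule=rule):
            return (_addr_matches(rule["src"], pkt.src)
                    and _port_matches(rule["sport"], pkt.sport)
                    and _addr_matches(rule["dst"], pkt.dst)
                    and _port_matches(rule["dport"], pkt.dport))
        compiled.append((matches, rule["action"]))
    return compiled


class PacketFilter:
    """Stateless packet filter: every packet is judged on its own header."""

    def __init__(self, rules):
        self.code = compile_rulebase(rules)

    def inspect(self, pkt):
        for matches, action in self.code:
            if matches(pkt):
                return action
        return "drop"  # nothing matched: implicit drop


class StatefulGateway(PacketFilter):
    """Stateful inspection: a connection table admits replies only for
    connections the rule base accepted when they were opened."""

    def __init__(self, rules):
        super().__init__(rules)
        self.connections = set()

    def inspect(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.connections or rev in self.connections:
            if pkt.flags & {"FIN", "RST"}:  # connection closing: forget it
                self.connections.discard(fwd)
                self.connections.discard(rev)
            return "accept"
        # Unknown connection: only a bare SYN may open one. A SYN/ACK or a
        # lone ACK out of the blue (ACK scan, spoofed reply) is dropped
        # before the rule base is even consulted.
        if pkt.flags != frozenset({"SYN"}):
            return "drop"
        verdict = super().inspect(pkt)
        if verdict == "accept":
            self.connections.add(fwd)
        return verdict


def run_scenario():
    """Send three constructed packets through each design; return verdicts."""
    client_syn = Packet("10.0.0.5", 40000, "203.0.113.10", 80, frozenset({"SYN"}))
    server_synack = Packet("203.0.113.10", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))
    # Attacker picks source port 80 so the packet looks like a web reply.
    spoofed = Packet("198.51.100.7", 80, "10.0.0.5", 4444, frozenset({"SYN"}))
    packets = (client_syn, server_synack, spoofed)
    stateless = PacketFilter(STATELESS_RULEBASE)
    stateful = StatefulGateway(RULEBASE)
    return {
        "stateless": [stateless.inspect(p) for p in packets],
        "stateful": [stateful.inspect(p) for p in packets],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The stateless filter needs the return-traffic rule to let the web server's SYN/ACK back in, and that same rule admits the attacker's packet sent from source port 80. The stateful gateway carries no such rule: the reply is matched against the connection table, and the spoofed packet, which matches no entry, falls through to the clean-up rule.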

Page 13
How VPN-1 NGX Works
[Figure]

Page 14
Security features…
• VPN (site-to-site, remote access): standard
• The best Firewall in the market (HTTP, FTP, Instant Msg, E-mail, P2P, VoIP, SQL): standard
• Intrusion Prevention: subscription
• Anti-Spam: subscription
• Web Application Firewall: expansion
• SSL VPN / QoS: expansion
• URL Filtering: subscription
• Anti-virus / Anti-spyware: subscription

Page 15
UTM-1 Appliances

Model                 UTM-1 270   UTM-1 450   UTM-1 570   UTM-1 1050   UTM-1 2050   UTM-1 3070
Software Edition      NGX R65     NGX R65     NGX R65     NGX R65      NGX R65      NGX R65
10/100 Ports          -           -           -           4            4            -
10/100/1000 Ports     4           4           4           4            4            10
Firewall Throughput   400 Mbps    400 Mbps    1.1 Gbps    1.2 Gbps     2.4 Gbps     4.5 Gbps
VPN Throughput        100 Mbps    200 Mbps    250 Mbps    220 Mbps     380 Mbps     1.1 Gbps
Concurrent Sessions   400,000     700,000     500,000     800,000      1.1 million  1.1 million
Storage Capacity      160 GB      80 GB       160 GB      80 GB        80 GB        160 GB
Managed Sites         2           3           3           3            5            5

Page 16
Power-1 Appliances

Model                  Power-1 5070    Power-1 9070
Software Edition       NGX R65 Power   NGX R65 Power
10/100/1000 Ports      8/12            12/16
Firewall Throughput    9 Gbps          14 Gbps
VPN Throughput         2.4 Gbps        3.7 Gbps
Concurrent Sessions    1.1 million     1.1 million
Intrusion Prevention   4.5 Gbps        6.1 Gbps
Storage Capacity       160 GB          2 x 160 GB
Security Acceleration  Yes             Yes

Page 17
Distributed Deployments
[Figure]

Page 18
SVN Foundation
• Check Point SVN Foundation (CPShared) is the operating-system layer integrated with every Check Point product.
• All Check Point products use the CPOS services via CPShared.
• The SVN Foundation includes:
  - Secure Internal Communications (SIC)
  - Check Point registry
  - CPShared daemon
  - Watch Dog for critical services
  - cpconfig
  - License utilities
  - SNMP daemon

Page 19
Secure Internal Communication (SIC)
• Communication Components
• Security Benefits
• SIC Certificates

Page 20
Communication Components
SIC secures communication between Check Point SVN components such as:
• SmartCenter
• SmartConsole
• Security Gateway
• Customer Log Modules
• OPSEC applications
• ...

Page 21
Security Benefits of SIC
• Confirms that a SmartConsole connecting to a SmartCenter is authorised.
• Verifies that a security policy loaded on a Security Gateway came from an authorised SmartCenter.
• SIC ensures that data privacy and integrity are maintained.

Page 22
SIC Certificates
• SIC for Check Point VPN uses certificates for authentication and standards-based SSL for encryption.
• Enables each Check Point-enabled machine to be uniquely identified.
• Certificates are generated by the Internal Certificate Authority (ICA) on the SmartCenter.
• A unique certificate is generated for each physical machine.
Because the ICA on the SmartCenter is the trust root for every SIC peer, the SmartCenter host must be protected at least as carefully as any gateway it manages.

Page 23
Distributed VPN-1 NGX configuration with certificates
[Figure]

Page 24
SmartConsole components
• SmartDashboard
• SmartView Tracker
• SmartUpdate
• SmartView Monitor
• SmartMap

Page 25
SmartView Tracker
[Figure]

Page 26
SmartUpdate
[Figure]

Page 27
SmartUpdate ……
[Figure]

Page 28
SmartView Monitor
[Figure]

Page 29
SmartMap
[Figure]

Page 30
Lab 1: NGX Stand-alone Installation

Page 31
Lab 1: NGX Stand-alone Installation
Installing VPN-1 NGX (SmartCenter and Security Gateway) on SecurePlatform

Page 32
Lab 1: NGX Stand-alone Installation
Configure VPN-1 NGX (SmartCenter and Security Gateway) on SecurePlatform

Page 33
Lab 1: NGX Stand-alone Installation
Installing SmartConsole on Windows