g ai a_technical_v11

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved.©2012 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties

GAiA Technical Overview

2©2012 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties |

GAiA Technical Agenda

1 What is GAiA?

Management2

Networking3

Installation and Upgrade4


Today’s IT Security Challenges

More Efficient IT Infrastructure and Management

More Efficient IT Infrastructure and Management

Increased Network Complexity and Performance

Increased Network Complexity and Performance

Growing Multi-Vector Security Threats

Growing Multi-Vector Security Threats



1 What is GAiA?

Management2

Networking3



New Cutting-Edge Security Gateway Platform

Increase Operational Efficiency with Wide Range of New Features

Combining the Best Features of IPSO and SecurePlatform (SPLAT)

Secure Platform for the Most Demanding Environments


Feature-Rich Web GUI

64-Bit

IPv6 Security

Fast Gateway Replication

Auto-SoftwareUpdate

Role-BasedAdmin

5 Multicasting Protocols

5 DynamicRouting Protocols

VRRP & SecureXL

Single image

Gateway Virtualization

Powerful New

Features

New Cutting-Edge Security Gateway Platform


Foundation for All Software Blades

Consolidate Any Software Blade You NeedNow Also on IP-Series Appliances

DLPApplication

ControlIPSFirewall& VPN

URLFilteringAnti-Bot

Identity Awareness Antivirus

2012 Models Power-1 IP-Series


Open Servers VMWare

One Security Platform

2200 4000 12000 21400 61000

Power-1 UTM-1 Smart-1

IP Series



1 What is GAiA?

Management2

Networking3



Ease of Management

Role Based Administration

Automatic Software Update



Intuitive Web GUI Experience

CPOS_Web

All CommandsAll Commands

SearchSearch

DashboardDashboard

Shell EmulatorShell Emulator


SuperShell

Over 1,000 GAiA Commands

SPLAT & IPSO Backward Compatibility

Full Auditing

Define Your Own SuperShell Commands

Feature Parity with GAiA WebUI

Feature-Rich Commands


GAiA Management Architecture

passwd:admin tpasswd:admin:gid 0passwd:admin:homedir /home/adminpasswd:admin:lastchg 1257897600passwd:admin:passwd bPVk$XAbF2fm87Gti5ETmYFVon0passwd:admin:shell /etc/cli.shpasswd:admin:uid 0interface:eth0 tinterface:eth0:state oninterface:eth0:ipaddr:192.168.1.1 tinterface:eth0:ipaddr:192.168.1.1:mask 24timezone:zoneinfo America/New_Yorktimezone:region New_Yorktimezone:area Americahosts:GAiA thosts:GAiA:address 192.168.1.1

Database

One Database Facilitates Replication and System Backups


Intelligent Backend

confd

shell

web /config/active

SyntacticValidation

Semantic Validation and

Database Coherency

Database

Ensures that Data is Accurate, Valid and Consistent


Gateway Configuration Replication

Export Configuration to Other Gateways

Backup and Restore and Fast Cloning

Export and Revert the Entire Gateway Image in Minutes

Replicate & Revert Your Gateway

Database


Different Admins, Different Privileges

Master Admin

Networking Edit Monitoring Only

Role-Based Administration


Role-Based Administration

Granular Control of Users and Roles

95 Features:Groups of Related Commands

48 Extended Commands:OS or Gateway Utilities


Industry Standard Authentication

RADIUS and TACACS+

Up to 15 privilege levels using TACACS+ “enable” mechanism

TACACS+ and RADIUS groups can be linked to Role Based Access

Used by ISPs and Enterprises to Manage Access


2XFaster

Download

Less than5 Seconds

Install

5XFaster

Rollback

Backup & Provisioning Efficient Auto Software Update

Background Software* Download & Installation

The Only Security Gateway withFull Software Update Automation

Schedule Update Download and Install

Validate and Inform Updates Process Status

*Hot Fix and Hot Fix Aggregation


Software Updates Status

Conflicts Display

Status Explanation

Customer Specific Hot Fix


Software Updates Policy

Automate the Update Process

Set Policy

Auto Rollback

Improve Updates


Mail Notification New Packages Download Status Install Status

Software Updates Notifications

Keep Informed of New Updates and Update Status



1 Introducing GAiA

Management2

Networking3




Combining the Best Features of IPSO and SecurePlatform (SPLAT)

Advanced Networking

60X Connection Capacity

IPv6 Network Security

Secure Platform for the Most Demanding Environments


IPv6 Support

Native IPv6 Protocol Suite

IPv6 Acceleration and Clustering

Dynamic Routing is on the Roadmap

VRRPv3 with IPv6 is on the Roadmap

Free IPv6License


Integrating IPv4 and IPv6

* Not supported in the first GAiA release

Migration Examples

Run dual-stack in the United States Go completely to IPv6 in Japan Use tunneling in Europe

Transition Methods

Dual Stack – IPv4 & IPv6 run concurrently Tunneling – encapsulate IPv6 in IPv4 Translation – from IPv4 to IPv6 packets* IPv6

IPv4


IPv6 Basic Setup

GAiA Configuration

Enable IPv6

Configure the IPv4 & IPv6 interfaces

Add IPv4 & IPv6 routes

Firewall Configuration

Add IPv6 interfaces to the gateway object

Create IPv4, IPv6 hosts and network objects

Create some basic rules


Advanced Networking Clustering

Two Modes of Redundancy:ClusterXL* and VRRP

* IPv6 HA


Dynamic Routing

Well-known IPSO Dynamic Routing Stack– BGP– OSPF – RIP– PIM (Sparse Mode and Dense Mode) – IGMP

Manageable Dynamic Routing


Advanced Networking – More

DHCP Relay Agent

DHCP Server

Link Aggregation with 802.3ad Support

Policy Based Routing


High Connection Capacity

High Connection Capacity on Select Appliance Models, via the Built-in 64-bit Firewall

Power-1 11000

4800

12600

21400

SecurePlatform/IPSO

GAiA

6GB 1.2M 2.5M

8GB 1.2M 3.3M

12GB 1.2M 5.0M

24GB 1.2M 10.0M


Getting to 64 Bit

Standard Memory64 Bit Minimum

MemoryMaximumMemory

4800, 12200 4GB 8GB 8GB

12400 4GB 8GB 12GB

12600 6GB 6GB 12GB

21400 12GB 12GB 24GB

IP1280, IP2450 4GB 8GB 8GB

Open Servers Depends on model 6GB 24GB



1 Introducing GAiA

Management2

Networking3



AdvancedNetworking

Better Security

From SPLAT to GAiA

SimplerManagement

Advanced Web GUI

Replicate Configuration

VRRP Clustering IPv6 Security High-Connection

Capacity (64-Bit)

Role-Based Admin

TACACS+ Integration


Ease of Deployment

New Check Point Appliance

More Software Blades

Single Image of OS and Gateway

Simple Installation and Replication

One-Click Registration

Configuration Wizards

More Blades DLP Mobile Access Anti-Spam Anti-BotPlus IPv6 Security

From IPSO to GAiA

Same User Experience

Extended Functionality

Leverage New and More Powerful Check Point Appliances

12000

4000

2200

21400


Upgrade to R75.40

R75 R75.10

R71 R71.10

R70R70 R70.10R70.10

R75.20

R71.20

R70.20R70.20

R75.30

R70.30R70.30

R71.30

R70.40R70.40

Upgrade to R75.40 and the GAiA OS

R71.40

R70.50R70.50

R75.40GAIA

IPSO

Upgrade supported from

version 6.2


Upgrading SecurePlatform to GAiA

Upgrade the product licenses to R75 or higher

Connect a DVD drive to the USB port

Run: # patch add cd

Select the applicable upgrade option

Remove the CD and reboot

Install a policy

1

3

2

4

6

5


Upgrading IPSO to GAiA

Mount the GAiA iso

Install GAiA upgrade package

Run the upgrade package

Supply the backup location *

Supply the upgrade template *

Script runs automatically

1

3

2

4

6

5Console

Connection

FTP Server

IP Appliance

* Optional


First Time Installation

Configuration Template

Install Options

First Time Wizard


What’s Next?

Acceleration Card

Port Based Routing

NetFlow

IPv6 Dynamic Routing

VRRPv3 – Support for IPv6

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved.©2012 Check Point Software Technologies Ltd. [Confidential] — For Check Point users and approved third parties

Thank You!

g ai a_technical_v11

Art & Photos

check point users

software blades

parties new

parties supershell

parties gaia technical

parties todays

parties foundation

security platform