Check Point VPN-1/FireWall-1

Basic License Features of Check Point R70

AERAsec Network Services and Security GmbH

This page is about the basic license features of Check Point R70 Software Blades

This document gives an idea about licensing the software Check Point R70 and above. No warranty at all!
Currently no explanation of licenses for Check Point appliances.
For details and prices please contact Check Point or your local reseller or us if you want us to be your new reseller.

Information about licensing Endpoint Security will be updated asap, ML 20100522

Usually, people have a string describing the license - but not everybody knows, what this license string means exactly. A look in the file $CPDIR/conf/cp.macro doesn't help always, because here is only the interpretation of the license string to the license features done.
Further information about this topic is avilable upon request. This document covers Check Point R70. For other versions, please refer to the corresponding page

For information about the new licensing scheme for Endpoint Security, please follow this link.

 

General overview

To work with Check Point R70 longer than two weeks, you will need a corresponding license. In many cases, a license bundle containing the management solution as well as one firewall is purchased. You can also buy a management solution (CPSM, mandatory) and the needed licenses for the Security Gateway(s). Be sure to order the correct size of CPSM! Additionally, you can obtain licenses for additional Software Blades which offer different security enhancements. 
In general, there is a difference between "one time licensing" for licenses which going to be used permanently for Management or Security Gateway (at least CES Support required) and "service licenses" which need to be renewed every year (e.g. updates for Anti-Virus, IPS, DLP or URL Filtering). 

When obtaining a license, you will get a Certificate Key (CK), which isn't really a license. By entering this CK in your account at the Check Point's UserCenter, you will get the "real license" which needs to be imported to the SmartCenter (or the Firewall, when still using local licensing).

The CK is generated when you have placed your order for the license(s) you need. In general, an order key has different parts:

  1. CPSG
    Product family
  2. C101
    Product sub-family
  3. HA
    when a license is for High Availability only, this suffix is used.

 
1. Product Family

Here you find a collection of the main product families. Basically, these are Gateway and Management components. Further on, software extensions are available as Security Blades (available for Gateway as well as Management) and hardware appliances by Check Point. 

CPAP  
Check Point Hardware Appliance

CPSB
Check Point Security Blade (Software Module)

CPSG
Check Point Security Gateway (e.g. Firewall)

CPSM
Check Point Security Management (e.g. SmartCenter)

 
2. Product sub-familiy

To configure a firewall, you will need a management component (CPSM-Cxxxx) as well as a gateway component (CPSG-Cxxx or CPAP-SGxxx). Bundles are available also. So these steps are necessary to select the correct licenses:

- Decide if a bundle of management and gateway fits your needs. 
   - Select the corresponding bundle 
   - Select additional Security Management Blades, optional
   - Select additional Security Gateway Blades, optional
   - Select additional Security Gateway Service Blades, optional

- Decide if pre-defined systems are ok for you. In this case, you can choose
   - one Management pre-defined system
   - Select additional Security Management Blades, optional
   - one Security Gateway pre-defined system
   - Select additional Security Gateway Blades, optional
   - Select additional Security Gateway Service Blades, optional

- If an individual licensing is ok for you, take these steps:
   - Select a Managemenet Container
   - Select the needed Security Management Blades
   - Select a Security Gateway Container
   - Select the needed Security Gateway Blades
   - Select the needed Security Gateway Service Blades

- Later on, all licenses can be found in your Check Point UserCenter Account. At least a basic support (e.g. CES Standard) is required, leading to additional yearly cost.   

2.1 Management

For each installation of Check Point products, a management component is mandatory. 

Management Pre-defined Systems

P1003
Check Point Security Management pre-defined system SM1003 including container and 3 blades: NPM, EPM, LOGS
Management for up to 10 gateways

P2506
Check Point Security Management pre-defined system SM2506 including container and 6 blades: NPM, EPM, LOGS, MNTR, IPSA, PRVS 
Management for up to 25 gateways

P1007
Check Point Security Management pre-defined system SM1007 including container and 7 blades: NPM, EPM, LOGS, MNTR, IPSA, PRVS, UDIR
Management for up to 10 gateways

PU003
Check Point Security Management pre-defined system SMU003 including container and 3 blades: NPM, EPM, LOGS
Management for an unlimited number of gateways

PU007
Check Point Security Management pre-defined system SMU007 including container and 7 blades: NPM, EPM, LOGS, MNTR, IPSA, PRVS, UDIR
Management for an unlimited number of gateways

back to Product sub-familiy

 

Management Container

C1000
Check Point Security Management Container for up to 10 gateways

C2500
Check Point Security Management Container for up to 25 gateways

CU00
Check Point Security Management Container for an unlimited number or gateways

back to Product sub-familiy

 

Security Management Blades

NPM
Check Point Network Policy Management blade
offers security policy management for Check Point gateways via SmartDashboard

EPM
Check Point Endpoint Policy Management blade
offers central security policies for endpoint devices (ex Integrity)

LOGS
Check Point Logging & Status blade
offers central logging and visualized changes and activities 

MNTR
Check Point Monitoring blade
offers monitoring of network and security performance (ex SmartView Monitor)

MPTL
Check Point Management Portal blade
offers access to the management using a web browser (ex SmartPortal)

UDIR
Check Point User Directory blade
offers authenticating users via LDAP-bases user information stores, e.g. MS Active Directory (ex SmartDirectory)

IPSA
Check Point IPS Event Analysis blade
offers forensic analysis and reporting (ex Eventia Analyzer)

PRVS
Check Point Provisioning blade (ex SmartLSM)

SM500
Check Point Security Management Container Expansion for addtional 5 managed gateways 

EVS-C1000
Check Point Reporting and Event Correlation blade for C1000 (ex Eventia Suite)

EVS-C2500
Check Point Reporting and Event Correlation blade for C2500 (ex Eventia Suite)

EVS-CU000
Check Point Reporting and Event Correlation blade for CU000 (ex Eventia Suite)

back to Product sub-familiy

2.2 Gateway

As a matter of principle, the Security Gateway Blade "Firewall" (FW) is always included.  

Security Gateway Pre-defined Systems

P103 
Check Point SG103, container for 1 core hardware, 
includes 3 blades: FW, VPN, IPS
limited to 50 users and recommended up to 8 ports

P106
Check Point SG106, container for 1 core hardware, 
includes 6 blades: FW, VPN, IPS, ASPM, URLF, AV
limited to 50 users and recommended up to 8 ports

P203
Check Point SG203, container for 2 core hardware, 
includes 3 blades: FW, VPN, IPS
limited to 500 users and recommended up to 12 ports

P203 U
Check Point SG203, container for 2 core hardware, 
includes 3 blades: FW, VPN, IPS
unlimited users and recommended up to 12 ports

P205
Check Point SG205, container for 2 core hardware, 
includes 5 blades: FW, VPN, IPS, ADN, ACCL
limited to 500 users and recommended up to 12 ports

P207
Check Point SG207, container for 2 core hardware, 
includes 7 blades: FW, VPN, IPS, ASPM, URLF, AV, ACCL
limited to 500 users and recommended up to 12 ports

P405
Check Point SG405, container for 4 core hardware, 
includes 5 blades: FW, VPN, IPS, ADN, ACCL
unlimited users, recommended up to 16 ports

P407
Check Point SG407, container for 4 core hardware, 
includes 7 blades: FW, VPN, IPS, ASPM, URLF, AV, ACCL
unlimited users, recommended up to 16 ports

P805
Check Point SG805, container for 8 core hardware, 
includes 5 blades: FW, VPN, IPS, ADN, ACCL
unlimited users

back to Product sub-familiy

 

Security Gateway Containers

C101
Check Point SG101, container for 1 core hardware, includes 1 blade (FW), limited to 50 users, recommended up to 8 ports

C201
Check Point SG201, container for 2 core hardware, includes 1 blade (FW), limited to 500 users, recommended up to 12 ports

C401
Check Point SG401, container for 4 core hardware, includes 1 blade  (FW), unlimited users, recommended up to 16 ports

C801
Check Point SG801, container for 8 core hardware, includes 1 blade  (FW), unlimited users, recommended up to 20 ports

back to Product sub-familiy

 

Security Gateway Blades

CPSB-ACCL
Check Point Acceleration & Clustering blade
offers SecureXL and ClusterXL LS

CPSB-ADN
Check Point Advanced Networking blade
offers dynamic routing, multicast support and Quality of Service (QoS)

CPSB-FW
Check Point Firewall blade, always included
offers the well known FireWall-1 capabilities 

CPSB-VOIP
Check Point Voice over IP blade
offers improvements for more than 60 VoIP applications
(VoIP Software Blade is currently available on NGX R65 only)

CPSB-VPN
Check Point IPSEC VPN blade
offers Site-to-Site VPN and Remote Access using IPSec

CPSB-WS
Check Point Web Secuerity blade
offers advanced protection for web servers, e.g. against buffer overflows or information disclosure

back to Product sub-familiy

 

Security Gateway Servivce Blades

CPSB-ASPM
Check Point Anti-Spam and E-Mail Security blade
offers multi-dimensional protection for the messaging infrastrucure, updates included

CPSB-AV
Check Point Anti-Virus & Anti-Malware blade
offers Anti-Virus protection inluding heuristic virus analyses, updates included

CPSB-DLP
Check Point Data Loss Prevention blade
offers DLP, to be licensed per number of users and mail as well as throughput

CPSB-IPS-S1
Check Pont IPS blade for small business (see below)
offers the integrated Intrusion Prevention System, updates included
Version for UTM-1 130, UTM-1 270, UTM-1 570, and SG101/C101

CPSB-IPS
Check Point IPS blade
offers the integrated Intrusion Prevention System, updates included
Version for all other gateway systems/licenses

CPSB-TS-S1
Check Point Total Security Package special
offers a package of all service blades (IPS, URLF, AV, ASPM)
Version for UTM-1 130, UTM-1 270, UTM-1 570, and SG101/C101

CPSB-TS-S2
Check Point Total Security Package
offers a package of all service blades (IPS, URLF, AV, ASPM)
Version for all other gateway systems/licenses

CPSB-URLF
Check Point URL Filtering blade
offers URL filtering of many million sites, updates included

back to Product sub-familiy

2.3 Bundles

CPSG-P103-CPSM-P203
Management of 2 gateways and 3 blades (SM203)
Gateway with 1 core, 50 users and 3 blades (SG103) 

CPSG-P103-CPSM-P303
Management of 3 gateways and 3 blades (SM303)
Gateway with 1 core, 50 users and 3 blades (SG103) 

CPSG-P203-CPSM-P303
Management of 3 gateways and 3 blades (SM303)
Gateway with 2 cores, 500 users and 3 blades (SG203) 

CPSG-P203-CPSM-P1003
Management of 10 gateways and 3 blades (SM1003)
Gateway with 2 cores, 500 users and 3 blades (SG203) 

CPSG-P405-CPSM-P1003
Management of 10 gateways and 3 blades (SM1003)
Gateway with 4 cores, unlimited users and 5 blades (SG405) 

CPSG-P405-CPSM-PU003
Management of unlimited gateways and 3 blades (SM1003)
Gateway with 4 cores, unlimited users and 5 blades (SG405) 

CPSG-P405-CPSM-P2506
Management of 25 gateways and 6 blades (SM2506)
Gateway with 4 cores, unlimited users and 5 blades (SG405) 

CPSG-P805-CPSM-PU007
Management of unlimited gateways and 7 blades (SMU007)
Gateway with 8 cores, unlimited users and 5 blades (SG805) 

back to Product sub-familiy

 

 

No warranty at all, your Feedback is welcome!
© 2003-2010 AERAsec Network Services and Security GmbH, last change 2010-05-25
back to http://www.vpn-1.de/aerasec