Glossary

    A
  • Anti-Bot
    Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.
  • Anti-Spam
    Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection. Synonym: Anti-Spam & Email Security. Acronyms: AS, ASPAM.
  • Anti-Virus
    Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.
  • Application Control
    Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.
  • ARM
    Microsoft® Azure Resource Manager. Technology to administer assets using Resource Group.
  • ASN
    Autonomous System Number – Special number that used for the BGP
  • Audit Log
    Log that contains administrator actions on a Management Server (login and logout, creation or modification of an object, installation of a policy, and so on).
  • Available Quota
    The available license pool quota is the number of unallocated cores.
  • AWS
    Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services.
  • AWS Region
    In AWS, a geographic area to place resources. Each region has multiple, isolated locations known as Availability Zones.
  • AWS VPC
    AWS Virtual Private Cloud. A private cloud that exists in the public cloud of Amazon. It is isolated from other Virtual Networks in the AWS cloud.
    • B
  • Bridge Mode
    Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology.
    • C
  • Central License
    A Central License is a CloudGuard Security Gateway license. It is deployed and managed on the Security Management Server or Multi-Domain Server and distributed from a license pool to all CloudGuard Security Gateways connected to corresponding Management Servers.
  • Cisco ACI
    Cisco® Application Centric Infrastructure. Comprehensive SDN architecture, policy-based automation solution for increased scalability through a distributed enforcement system with greater network visibility. Trademark of Cisco.
  • Cisco APIC
    Cisco® Application Policy Infrastructure Controller. Automation and management point for the Cisco ACI fabric. It centralizes access to fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.
  • Cisco Contract
    In Cisco ACI SDN, a policy between Endpoint Groups (EPGs), with one EPG providing and one EPG consuming, to virtualize a physical network cable connection.
  • Cisco ISE
    Cisco® Identity Services Engine. Provides highly secure network access to users and devices to streamline security policy management and reduce operating costs. Trademark of Cisco.
  • CK
    Certificate Keys (CKs) of Central Licenses in the License Pool.
  • CloudGuard Controller
    Provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security.
  • CloudGuard Gateway
    Check Point Virtual Security Gateway that protects dynamic virtual environments with policy enforcement. CloudGuard Gateway inspects traffic between Virtual Machines to enforce security, without changing the Virtual Network topology.
  • Cluster
    Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.
  • Cluster Member
    Security Gateway that is part of a cluster.
  • Compliance
    Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration.
  • Content Awareness
    Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.
  • Cores Quota
    The Central License Cores Quota is the number of virtual cores the license covers. This number is specified when the license is purchased. The Central License can be used on multiple Security Gateways up to the cores quota. The number of cores in a Security Gateway determines how many cores that Security Gateway uses from the Central License cores quota.
  • CoreXL
    Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores.
  • CoreXL Firewall Instance
    On a Security Gateway with CoreXL enabled, the Firewall kernel is copied multiple times. Each replicated copy, or firewall instance, runs on one processing CPU core. These firewall instances handle traffic at the same time, and each firewall instance is a complete and independent firewall inspection kernel. Synonym: CoreXL FW Instance.
  • CoreXL SND
    Secure Network Distributer. Part of CoreXL that is responsible for: Processing incoming traffic from the network interfaces; Securely accelerating authorized packets (if SecureXL is enabled); Distributing non-accelerated packets between Firewall kernel instances (SND maintains global dispatching table, which maps connections that were assigned to CoreXL Firewall instances). Traffic distribution between CoreXL Firewall instances is statically based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type. The CoreXL SND does not really "touch" packets. The decision to stick to a particular FWK daemon is done at the first packet of connection on a very high level, before anything else. Depending on the SecureXL settings, and in most of the cases, the SecureXL can be offloading decryption calculations. However, in some other cases, such as with Route-Based VPN, it is done by FWK daemon.
  • CPUSE
    Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself.
    • D
  • DAIP Gateway
    Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway, on which the IP address of the external interface is assigned dynamically by the ISP.
  • Data Center
    Virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores. They are collected in a group for secured remote storage, management, and distribution of data.
  • Data Loss Prevention
    Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.
  • Data Type
    Classification of data in a Check Point Security Policy for the Content Awareness Software Blade.
  • Default Pool
    A pool created by the first Central License that is added with the Central License tool. The pool type is defined based on the blades package of the first added Central License. CloudGuard Security Gateways automatically receive licenses from that pool. When all licenses in the Default License Pool are removed, a random pool is set as a default. When there are multiple pools, the user can select the default license pool.
  • Distributed Deployment
    Configuration in which the Check Point Security Gateway and the Security Management Server products are installed on different computers.
  • Dynamic Object
    Special object type, whose IP address is not known in advance. The Security Gateway resolves the IP address of this object in real time.
    • E
  • Endpoint Policy Management
    Check Point Software Blade on a Management Server to manage an on-premises Harmony Endpoint Security environment.
  • Expert Mode
    The name of the elevated command line shell that gives full system root permissions in the Check Point Gaia operating system.
    • G
  • Gaia
    Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.
  • Gaia Clish
    The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).
  • Gaia Portal
    Web interface for the Check Point Gaia operating system.
  • GCP
    Google® Cloud Platform is a suite of products and services that includes hosting, cloud computing, database services and more.
  • GCP Project
    GCP Projects form the basis for creating, enabling, and using all Cloud Platform services. This includes managing APIs, enabling billing, adding and removing collaborators, and managing permissions for Cloud Platform resources.
  • GCP Regions and Zones
    A region is a specific geographical location where you can run resources. Each region has one or more zones.
  • GCP VPC Network
    A Virtual Private Cloud is a global private isolated Virtual Network partition that provides managed networking functionality for your GCP resources.
  • Generic Data Center
    The Generic Data Center is an object that points to a JSON file on an external server that contains the IP addresses that you want to access. This way, when the Generic Data Center object is used in a policy, SmartConsole can retrieve the IP information from the JSON file as necessary.
    • H
  • Hotfix
    Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior.
  • HTTPS Inspection
    Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.
    • I
  • ICA
    Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication.
  • Identity Awareness
    Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.
  • Identity Logging
    Check Point Software Blade on a Management Server to view Identity Logs from the managed Security Gateways with enabled Identity Awareness Software Blade.
  • ILB
    Internal Load Balancer, used to load balance traffic in a virtual network
  • Internal Network
    Computers and resources protected by the Firewall and accessed by authenticated users.
  • IoT Cloud Adapter
    IoT Cloud Adapters are connectors between IoT devices and cloud platforms. IoT adapters deliver data from the device to the cloud platform that stores it.
  • IPS
    Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).
  • IPsec VPN
    Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access.
    • J
  • Jumbo Hotfix Accumulator
    Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA.
    • K
  • Kerberos
    An authentication server for Microsoft Windows Active Directory Federation Services (ADFS).
  • Kubernetes
    Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation.
    • L
  • License Pool
    A License Pool is a group of CloudGuard Central Licenses with the same blades and valid contracts. A Security Management Server or Multi-Domain Server can have multiple license pools. Each pool is defined by: - Pool Type - Total Quota - Available Quota - Certificate Keys - Subscribed Security Gateways
  • Log Server
    Dedicated Check Point server that runs Check Point software to store and process logs.
  • Logging & Status
    Check Point Software Blade on a Management Server to view Security Logs from the managed Security Gateways.
    • M
  • Management Interface
    (1) Interface on a Gaia Security Gateway or Cluster member, through which Management Server connects to the Security Gateway or Cluster member. (2) Interface on Gaia computer, through which users connect to Gaia Portal or CLI.
  • Management Server
    Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.
  • Manual NAT Rules
    Manual configuration of NAT rules by the administrator of the Check Point Management Server.
  • Microsoft Azure
    Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®.
  • Mobile Access
    Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.
  • Multi-Domain Log Server
    Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS.
  • Multi-Domain Server
    Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.
    • N
  • Network Object
    Logical object that represents different parts of corporate topology - computers, IP addresses, traffic protocols, and so on. Administrators use these objects in Security Policies.
  • Network Policy Management
    Check Point Software Blade on a Management Server to manage an on-premises environment with an Access Control and Threat Prevention policies.
  • Nuage
    The Nuage Networks Virtualized Services Platform (VSP) is the industry-leading network automation platform, enabling a complete range of SDN, SD-WAN, and cloud solutions.
  • Nutanix
    Nutanix is a private and hybrid cloud software provider that offers software for virtualization, Kubernetes, database-as-a-service, software-defined networking, security, as well as software-defined storage for file, object, and block storage.
  • NVA
    Network Virtual Appliance - A resource deployed in Azure's Virtual Hub that includes Security Gateways and other networking infrastructure.
    • O
  • Open Server
    Physical computer manufactured and distributed by a company, other than Check Point.
  • OpenStack
    An open source cloud-computing infrastructure for service providers and enterprises. It includes modules for administration, storage, networking and Virtual Machine deployment and control.
  • Oracle Cloud
    Oracle Cloud is a cloud computing service offered by Oracle Corporation. It provides servers, storage, networks, applications, and services through a global network of Oracle Corporation-managed data centers.
    • P
  • Private Network (L3)
    A Layer 3 network that separates routing instances, and can be used as an administrator separation.
  • Provisioning
    Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM.
    • Q
  • QoS
    Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.
    • R
  • Resource Group for Microsoft Azure
    Object used in ARM to monitor, control access, provision and manage billing for collections of assets that are required to run an application, or used by a client or company department.
  • Rule
    Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.
  • Rule Base
    All rules configured in a given Security Policy. Synonym: Rulebase.
    • S
  • SD-WAN
    Software Defined – Wide Area Network (WAN), more information on this solution: https://www.checkpoint.com/cyber-hub/network-security/what-is-sd-wan/
  • SDDC
    Software-Defined Data Center. Data Center infrastructure components that can be provisioned, operated, and managed through an API for full automation.
  • SDN
    Software-Defined Network. Virtualization of topology, traffic, and functionality.
  • SecureXL
    Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.
  • Security Gateway
    Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.
  • Security Group for AWS
    Acts as a virtual firewall that controls the traffic for one or more instances in AWS. Security Groups are associated with network interfaces.
  • Security Group for VMware NSX
    A collection of virtual objects that defines the Distributed Firewall protection policy in VMware NSX.
  • Security Management Server
    Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.
  • Security Policy
    Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.
  • Service Graph
    Ordered set of function nodes between terminals, which identifies network service functions required by an application. Required for CloudGuard integration.
  • Service Manager
    Component that manages the communication between Check Point products, CloudGuard Controller and the VMware NSX, through the VMware REST API.
  • SIC
    Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.
  • SLB
    Software Load Balancer, used to distribute tenant and tenant customer network traffic to virtual network resources. SLB enables multiple servers to host the same workload, providing high availability and scalability
  • SmartConsole
    Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.
  • SmartDashboard
    Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings.
  • SmartProvisioning
    Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM.
  • SmartUpdate
    Legacy Check Point GUI client used to manage licenses and contracts in a Check Point environment.
  • SNAT
    Source Network Address Translation (Source NAT)
  • Software Blade
    Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities.
  • Standalone
    Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server.
  • Subscribed Security Gateways
    All Security Gateways on the Management Server are subscribed to the Default License Pool (unless configured differently) and get their licenses automatically. The user can exclude each Security Gateway from the automatic license distribution.
    • T
  • Tenant for ACI
    Group of users, to isolate access to resources in Cisco ACI. Also known as Project.
  • Threat Emulation
    Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.
  • Threat Extraction
    Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.
  • Total Quota
    The total license pool quota is the sum of all Central Licenses' cores.
    • U
  • Updatable Object
    Network object that represents an external service, such as Microsoft 365, AWS, Geo locations, and more.
  • URL Filtering
    Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.
  • User Directory
    Check Point Software Blade on a Management Server that integrates LDAP and other external user management servers with Check Point products and security solutions.
    • V
  • Virtual Network
    Environment of logically connected Virtual Machines.
  • VMware ESXi
    A VMware® physical hypervisor server that hosts one or more Virtual Machines and other virtual objects. All references to ESX are also relevant for ESXi unless specifically noted otherwise.
  • VMware NSX
    VMware NSX is a network virtualization and security platform that enables the virtual cloud network, a software-defined approach to networking that extends across data centers, clouds, and application frameworks
  • VMware NSX-T
    VMware NSX-T is a network virtualization and security platform that builds security into the network virtualization infrastructure.
  • VMware NSX Manager
    Basic network and security functionality for virtual computer environments. A VMware® product family for SDN of Virtual Machines on the cloud (previously known as vShield).
  • VMware vCenter
    Centralized management tool for VMware® vSphere. It manages many ESX servers and Virtual Machines from different ESX servers, from one console application.
  • VMware vSphere
    VMware® cloud computing virtualization operating system. The vSphere Web Client is the GUI to manage Virtual Machines and their objects.
  • vNIC
    Virtual Network Interface Card. Software-based abstraction of a physical interface that supplies network connectivity for Virtual Machines.
  • vsec_lic_cli
    The Central License tool (vsec_lic_cli) runs on Management Servers and Multi-Domain Servers. It deploys and manages licenses for all subscribed Security Gateways. The tool can be used only in the Expert mode of the Management Server CLI.
  • vSwitch
    A software abstraction of a physical Ethernet switch. It can connect to physical switches through physical network adapters to join virtual networks with physical networks. It can also be a Distributed Virtual Switch (dvSwitch), for definition and use on multiple ESXi hosts.
  • VSX
    Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.
  • VSX Gateway
    Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.
    • Z
  • Zero Phishing
    Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.