Glossary

    A
  • Access Role
    Access Role objects let you configure network access according to: Networks, Users and user groups, Computers and computer groups, Remote Access Clients. After you activate the Identity Awareness Software Blade, you can create Access Role objects and use them in the Source and Destination columns of Access Control Policy rules.
  • AD Query
    Check Point clientless identity acquisition tool. It is based on Active Directory integration and it is completely transparent to the user. The technology is based on querying the Active Directory Security Event Logs and extracting the user and computer mapping to the network address from them. It is based on Windows Management Instrumentation (WMI), a standard Microsoft protocol. The Check Point Security Gateway communicates directly with the Active Directory domain controllers and does not require a separate server. No installation is necessary on the clients, or on the Active Directory server.
  • Anti-Bot
    Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.
  • Anti-Spam
    Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection. Synonym: Anti-Spam & Email Security. Acronyms: AS, ASPAM.
  • Anti-Virus
    Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.
  • Application Control
    Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.
  • Audit Log
    Log that contains administrator actions on a Management Server (login and logout, creation or modification of an object, installation of a policy, and so on).
    • B
  • Bridge Mode
    Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology.
  • Browser-Based Authentication
    Authentication of users in Check Point Identity Awareness web portal - Captive Portal, to which users connect with their web browser to log in and authenticate.
    • C
  • Captive Portal
    A Check Point Identity Awareness web portal, to which users connect with their web browser to log in and authenticate, when using Browser-Based Authentication.
  • Cloud Credentials
    Specific credentials from identity providers used by the Identity Collector to connect seamlessly to the Infinity Portal. These credentials are essential for establishing a secure and efficient connection between the Identity Client and the Infinity Portal.
  • Cloud Services
    Refers to a centralized identities solution provided by Infinity Identity and Directory Sync. These services offer identity management and directory synchronization capabilities, hosted and managed in the cloud.
  • Cluster
    Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.
  • Cluster Member
    Security Gateway that is part of a cluster.
  • Compliance
    Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration.
  • Content Awareness
    Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.
  • CoreXL
    Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores.
  • CoreXL Firewall Instance
    On a Security Gateway with CoreXL enabled, the Firewall kernel is copied multiple times. Each replicated copy, or firewall instance, runs on one processing CPU core. These firewall instances handle traffic at the same time, and each firewall instance is a complete and independent firewall inspection kernel. Synonym: CoreXL FW Instance.
  • CoreXL SND
    Secure Network Distributer. Part of CoreXL that is responsible for: Processing incoming traffic from the network interfaces; Securely accelerating authorized packets (if SecureXL is enabled); Distributing non-accelerated packets between Firewall kernel instances (SND maintains global dispatching table, which maps connections that were assigned to CoreXL Firewall instances). Traffic distribution between CoreXL Firewall instances is statically based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type. The CoreXL SND does not really "touch" packets. The decision to stick to a particular FWK daemon is done at the first packet of connection on a very high level, before anything else. Depending on the SecureXL settings, and in most of the cases, the SecureXL can be offloading decryption calculations. However, in some other cases, such as with Route-Based VPN, it is done by FWK daemon.
  • CPUSE
    Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself.
    • D
  • DAIP Gateway
    Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway, on which the IP address of the external interface is assigned dynamically by the ISP.
  • Data Loss Prevention
    Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.
  • Data Type
    Classification of data in a Check Point Security Policy for the Content Awareness Software Blade.
  • Directory Sync
    A solution that holds static Directory information regarding users, groups, devices, and memberships. .
  • Distributed Deployment
    Configuration in which the Check Point Security Gateway and the Security Management Server products are installed on different computers.
  • Dynamic Object
    Special object type, whose IP address is not known in advance. The Security Gateway resolves the IP address of this object in real time.
    • E
  • Endpoint Policy Management
    Check Point Software Blade on a Management Server to manage an on-premises Harmony Endpoint Security environment.
  • Expert Mode
    The name of the elevated command line shell that gives full system root permissions in the Check Point Gaia operating system.
    • G
  • Gaia
    Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.
  • Gaia Clish
    The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).
  • Gaia Portal
    Web interface for the Check Point Gaia operating system.
    • H
  • Hotfix
    Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior.
  • HTTPS Inspection
    Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.
    • I
  • ICA
    Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication.
  • Identity Agent
    Check Point dedicated client agent installed on Windows-based user endpoint computers. This Identity Agent acquires and reports identities to the Check Point Identity Awareness Security Gateway. The administrator configures the Identity Agents (not the end users). There are two types of Identity Agents - Full and Light. You can download the Full and Light Identity Agent package from the Captive Portal - 'https://<Gateway_IP_Address>/connect' or from Support Center.
  • Identity Agent Configuration Utility
    Check Point utility that creates custom Identity Agent installation packages. This utility is installed as a part of the Identity Agent: go to the Windows Start menu > All Programs > Check Point > Identity Agent > right-click the 'Identity Agent' shortcut > select 'Properties' > click 'Open File Location' ('Find Target' in some Windows versions > double-click 'IAConfigTool.exe').
  • Identity Agent Distributed Configuration Tool
    Check Point Identity Agent control tool for Windows-based client computers that are members of an Active Directory domain. The Distributed Configuration tool lets you configure connectivity and trust rules for Identity Agents - to which Identity Awareness Security Gateways the Identity Agent should connect, depending on its IPv4 / IPv6 address, or Active Directory Site. This tool is installed a part of the Identity Agent: go to the Windows Start menu > All Programs > Check Point > Identity Agent > open the Distributed Configuration. Note - You must have administrative access to this Active Directory domain to allow automatic creation of new LDAP keys and writing.
  • Identity Awareness
    Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.
  • Identity Broker
    Identity Sharing mechanism between Identity Servers (PDP): (1) Communication channel between PDPs based on Web-API (2) Identity Sharing capabilities between PDPs - ability to add, remove, and update the identity session.
  • Identity Collector
    Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways for identity enforcement, you can download the Identity Collector package from the Support Center.
  • Identity Collector Identity Sources
    Identity Sources for Check Point Identity Collector - Microsoft Active Directory Domain Controllers, Cisco Identity Services Engine (ISE) Servers, or NetIQ eDirectory Servers.
  • Identity Collector Query Pool
    A list of Identity Sources for Check Point Identity Collector.
  • Identity Logging
    Check Point Software Blade on a Management Server to view Identity Logs from the managed Security Gateways with enabled Identity Awareness Software Blade.
  • Identity Server
    Check Point Security Gateway with enabled Identity Awareness Software Blade.
  • Internal Network
    Computers and resources protected by the Firewall and accessed by authenticated users.
  • IPS
    Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).
  • IPsec VPN
    Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access.
    • J
  • Jumbo Hotfix Accumulator
    Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA.
    • K
  • Kerberos
    An authentication server for Microsoft Windows Active Directory Federation Services (ADFS).
    • L
  • Log Server
    Dedicated Check Point server that runs Check Point software to store and process logs.
  • Logging & Status
    Check Point Software Blade on a Management Server to view Security Logs from the managed Security Gateways.
    • M
  • Management Interface
    (1) Interface on a Gaia Security Gateway or Cluster member, through which Management Server connects to the Security Gateway or Cluster member. (2) Interface on Gaia computer, through which users connect to Gaia Portal or CLI.
  • Management Server
    Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.
  • Manual NAT Rules
    Manual configuration of NAT rules by the administrator of the Check Point Management Server.
  • Mobile Access
    Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.
  • Multi-Domain Log Server
    Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS.
  • Multi-Domain Server
    Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.
    • N
  • NAC
    Network Access Control. This is an approach to computer security that attempts to unify endpoint security technology (such as Anti-Virus, Intrusion Prevention, and Vulnerability Assessment), user or system authentication and network security enforcement. Check Point's Network Access Control solution is called Identity Awareness Software Blade.
  • Network Object
    Logical object that represents different parts of corporate topology - computers, IP addresses, traffic protocols, and so on. Administrators use these objects in Security Policies.
  • Network Policy Management
    Check Point Software Blade on a Management Server to manage an on-premises environment with an Access Control and Threat Prevention policies.
    • O
  • Open Server
    Physical computer manufactured and distributed by a company, other than Check Point.
    • P
  • PDP
    Check Point Identity Awareness Security Gateway that acts as Policy Decision Point: acquires identities from identity sources; shares identities with other gateways.
  • PEP
    Check Point Identity Awareness Security Gateway that acts as Policy Enforcement Point: receives identities via identity sharing; redirects users to Captive Portal.
  • Provisioning
    Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM.
  • Publisher PDP
    Check Point Identity Awareness Security Gateway that gets identities from an identity source/remote PDP and shares identities to a remote PDP. The Publisher PDP: (1) Initiates an HTTPS connection to the Subscriber PDP for each Identity to be shared (2) Verifies the CN and OU present in the subject field of the certificate presented (3) Verifies that the CA's certificate matches the certificate that was approved in advance by the administrator (4) Checks if the certificate presented is revoked (5) Shares identities including the information about user(s), machine(s) and Access Roles in the form of HTTP POST requests.
    • Q
  • QoS
    Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.
    • R
  • Rule
    Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.
  • Rule Base
    All rules configured in a given Security Policy. Synonym: Rulebase.
    • S
  • SecureXL
    Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.
  • Security Gateway
    Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.
  • Security Management Server
    Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.
  • Security Policy
    Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.
  • Service Account
    In Microsoft® Active Directory, a user account created explicitly to provide a security context for services running on Microsoft® Windows® Server.
  • SIC
    Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.
  • SmartConsole
    Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.
  • SmartDashboard
    Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings.
  • SmartProvisioning
    Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM.
  • SmartUpdate
    Legacy Check Point GUI client used to manage licenses and contracts in a Check Point environment.
  • Software Blade
    Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities.
  • Standalone
    Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server.
  • Subscriber PDP
    Check Point Identity Awareness Security Gateway that gets identities from a remote PDP. The Subscriber PDP: (1) Presents the configured SSL certificate to the Publisher PDP (2) Receives the information from the Publisher PDP after verifying the pre-shared secret in the POST requests.
    • T
  • Terminal Servers Identity Agent
    Dedicated client agent installed on Microsoft® Windows-based application server that hosts Terminal Servers, Citrix XenApp, and Citrix XenDesktop services. This client agent acquires and reports identities to the Check Point Identity Awareness Security Gateway. In the past, this client agent was called Multi-User Host (MUH) Agent. You can download the Terminal Servers Identity Agent from Support Center.
  • Threat Emulation
    Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.
  • Threat Extraction
    Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.
  • Transactions
    In the context of the Identity Collector, involves the aggregation of events from identity sources, the creation of a request, and the sending of this request to a target. The target then replies with a response. A transaction refers to this request-response.
    • U
  • Updatable Object
    Network object that represents an external service, such as Microsoft 365, AWS, Geo locations, and more.
  • URL Filtering
    Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.
  • User Directory
    Check Point Software Blade on a Management Server that integrates LDAP and other external user management servers with Check Point products and security solutions.
    • V
  • VSX
    Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.
  • VSX Gateway
    Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.
    • Z
  • Zero Phishing
    Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.