Terms
Active/Standby
A High Availability cluster where only one member handles connections.
Administrator
A SmartDashboard or SmartDomain Manager user with permissions to manage Check Point security products and the network environment.
Affinity
The assignment of a specified process, Firewall instance, VSX Virtual System, interface or IRQ with one or more CPU cores.
Bond
A virtual interface that contains two or more physical interfaces for redundancy and load sharing.
BPDU
Bridge Protocol Data Unit. Data messages that are sent between switches in an extended LAN that uses a Spanning Tree Protocol (STP) topology.
Bridge Mode
A Security Gateway or Virtual System that works as layer-2 bridge device for easy deployment in an existing topology.
CCP
Cluster Control Protocol. Proprietary Check Point protocol that manages synchronization between High Availability between cluster members.
Chassis
The container that contains the all the components of a 61000/41000 Security System.
Cluster
Two or more Security Gateways connected to each other for High Availability and/or Load Sharing.
Cluster Member
A Security Gateway that is part of a cluster.
ClusterXL
Check Point software-based cluster solution for Security Gateway redundancy and Load Sharing.
CMM
Chassis Management Module. Hardware component that controls and monitors Chassis operation. This includes fan speed, Chassis and module temperature, and component hot-swapping.
CoreXL
A performance-enhancing technology for Security Gateways on multi-core processing platforms.
Failover
A redundancy operation, where one cluster member automatically takes over for a failed member.
Firewall
The software and hardware that protects a computer network by analyzing the incoming and outgoing network traffic (packets).
Firewall Instance
On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy, or firewall instance, runs on one processing core. These instances handle traffic concurrently, and each instance is a complete and independent inspection kernel.
GARP
Gratuitous Address Resolution Protocol. An ARP request or reply that is not normally required by the ARP specification (RFC 826).
Hybrid System
A 61000/41000 Security System that includes SGMs that have different quantities of CPU cores and configured CoreXL instances.
Link Aggregation
A technology that joins multiple physical interfaces together into one virtual interface, known as a bond interface. Also known as .
Management Server
A Security Management Server or a Multi-Domain Security Management Multi-Domain Server that manages one or more Security Gateways and security policies.
Multi Domain Log Server
Physical server that contains the log database for all Domains.
Multi-Domain Security Management
A centralized management solution for large-scale, distributed environments with many different network Domain Management Servers.
Multi-Domain Server
A physical server that contains system information and policy databases for all Domains in an enterprise environment.
Packet
A formatted unit of data that moves on computer networks.
PEM
Power Entry Module. Hardware component that supplies DC power to the Chassis with EMC filtering and over-current protection.
Permissions Profile
A predefined group of SmartConsole access permissions assigned to Domains and administrators. This feature lets you configure complex permissions for many administrators with one definition.
Policy
A collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources through the use of packet inspection.
Primary Multi-Domain Server
The first Multi-Domain Server that you define and log into in a High Availability deployment.
PSU
Power Supply Unit. Hardware component that supplies AC power to the chassis with filtering and over-current protection.
Secondary Multi-Domain Server
All Multi-Domain Servers in a High Availability deployment created after the Primary Multi-Domain Server.
Security Gateway
A computer or appliance that inspects traffic and enforces Security Policies for connected network resources.
Security Management Server
The application that manages, stores, and distributes the security policy to Security Gateways.
SGM
Security Gateway Module. 61000/41000 Security System hardware component that operates as a physical Security Gateway. A Chassis contains many Security Gateway Modules that work together as a single, high performance Security Gateway or VSX Gateway.
SIC
Secure Internal Communication. The process by which networking components authenticate over SSL between themselves and the Security Management Server, as the Internal Certificate Authority (ICA), for secure communication. The Security Management Server issues a certificate, which components use to validate the identity of others.
SmartDashboard
A Check Point client used to create and manage the security policy.
SmartUpdate
SmartConsole client used to centrally upgrade and manage Check Point software and licenses.
SMO
Single Management Object. A Check Point technology that manages the 61000/41000 Security System as one large Security Gateway with one management IP address. All management tasks, are handled by one SGM (the SMO Master), which updates all other SGMs. All management tasks, such as Security Gateway configuration, policy installation, remote connections and logging are handled by the SMO master.
SMO Master
The physical SGM that handles management tasks for all SGMs in a 61000/41000 Security System environment. By default, the SGM with the lowest ID number assigned this role.
SNMP
Simple Network Management Protocol. A protocol used to monitor the activity of hardware and software in a network.
SNMP Counter
An SNMP object with an integer value that increases by one when a specified event occurs. Counters are typically used as performance metrics, such as network throughput, dropped packets, or error events.
SNMP Trap
A notification of an event generated by an SNMP-enabled device and sent to the SNMP server.
SSM
Security Switch Module. Hardware component that manages the flow of network traffic to and from the Security Gateway Modules.
Standby Domain Management Server
All Domain Management Servers for a Domain that are not designated as the active Domain Management Server.
Standby Multi-Domain Server
All Multi-Domain Servers in a High Availability deployment that cannot manage global policies and objects. Standby Multi-Domain Servers are synchronized with the active Multi-Domain Server.
Traffic
The flow of data between network resources.
Virtual Device
A logical object that emulates the functionality of a type of physical network object.
Virtual Router
A virtual device that functions as a physical router.
Virtual Switch
Also vSwitch. A software abstraction of a physical Ethernet switch that can connect to physical switches through physical network adapters, to join virtual networks with physical networks.
Virtual System
A virtual device that implements the functionality of a Security Gateway.
VLAN
Virtual Local Area Network. Open servers or appliances connected to a virtual network, which are not physically connected to the same network.
VLAN Trunk
A connection between two switches that contains multiple VLANs.
VPN
Virtual Private Network. A secure, encrypted connection between networks and remote clients on a public infrastructure, to give authenticated remote users and sites secured access to an organization's network and resources.
VSLS
Virtual System Load Sharing. A VSX cluster technology that assigns Virtual System traffic to different active cluster members.
VSX
Definition: Virtual System Extension - Check Point virtual networking solution, hosted on a single computer or cluster containing virtual abstractions of Check Point Security Gateways and other network devices. These virtual devices provide the same functionality as their physical counterparts.
VSX Gateway
Physical server that hosts VSX virtual networks, including all virtual devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.
Warp Link
An interface between a Virtual System and a Virtual Switch or Virtual Router that is created automatically in a VSX topology.
|
