Glossary

    3
  • 3rd-party Cluster
    Cluster of Check Point Security Gateways that work together in a redundant configuration. These Check Point Security Gateways are installed on X-Series XOS, or IPSO OS. VRRP Cluster on Gaia OS is also considered a 3rd-party cluster. The 3rd-party cluster handles the traffic, and Check Point Security Gateways perform only State Synchronization.
    • A
  • Active
    State of a Cluster Member that is fully operational: (1) In ClusterXL, this applies to the state of the Security Gateway component (2) In 3rd-party / OPSEC cluster, this applies to the state of the cluster State Synchronization mechanism.
  • Active-Active
    A cluster mode (in versions R80.40 and higher), where cluster members are located in different geographical areas (different sites, different cloud availability zones). This mode supports the configuration of IP addresses from different subnets on all cluster interfaces, including the Sync interfaces. Each cluster member inspects all traffic routed to it and synchronizes the recorded connections to its peer cluster members. The traffic is not balanced between the cluster members.
  • Active Up
    ClusterXL in High Availability mode that was configured as Maintain current active Cluster Member in the cluster object in SmartConsole: (1) If the current Active member fails for some reason, or is rebooted (for example, Member_A), then failover occurs between Cluster Members - another Standby member will be promoted to be Active (for example, Member_B). (2) When former Active member (Member_A) recovers from a failure, or boots, the former Standby member (Member_B) will remain to be in Active state (and Member_A will assume the Standby state).
  • Active(!)
    In ClusterXL, state of the Active Cluster Member that suffers from a failure. A problem was detected, but the Cluster Member still forwards packets, because it is the only member in the cluster, or because there are no other Active members in the cluster. In any other situation, the state of the member is Down. Possible states: ACTIVE(!), ACTIVE(!F) - Cluster Member is in the freeze state, ACTIVE(!P) - This is the Pivot Cluster Member in Load Sharing Unicast mode, ACTIVE(!FP) - This is the Pivot Cluster Member in Load Sharing Unicast mode and it is in the freeze state.
  • Anti-Bot
    Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.
  • Anti-Spam
    Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection. Synonym: Anti-Spam & Email Security. Acronyms: AS, ASPAM.
  • Anti-Virus
    Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.
  • Application Control
    Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.
  • ARP Forwarding
    Forwarding of ARP Request and ARP Reply packets between Cluster Members by encapsulating them in Cluster Control Protocol (CCP) packets. Introduced in R80.10 version.
  • Audit Log
    Log that contains administrator actions on a Management Server (login and logout, creation or modification of an object, installation of a policy, and so on).
    • B
  • Backup
    (1) In VRRP Cluster on Gaia OS - State of a Cluster Member that is ready to be promoted to Master state (if Master member fails). (2) In VSX Cluster configured in Virtual System Load Sharing mode with three or more Cluster Members - State of a Virtual System on a third (and so on) VSX Cluster Member. (3) A Cluster Member or Virtual System in this state does not process any traffic passing through cluster.
  • Blocking Mode
    Cluster operation mode, in which Cluster Member does not forward any traffic (for example, caused by a failure).
  • Bridge Mode
    Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology.
    • C
  • Cluster
    Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.
  • Cluster Control Protocol
    Proprietary Check Point protocol that runs between Cluster Members on UDP port 8116, and has the following roles: (1) State Synchronization (Delta Sync), (2) Health checks (state of Cluster Members and of cluster interfaces): Health-status Reports, Cluster-member Probing, State-change Commands, Querying for cluster membership. Note: CCP is located between the Check Point Firewall kernel and the network interface (therefore, only TCPdump should be used for capturing this traffic). Acronym: CCP.
  • Cluster Correction Layer
    Proprietary Check Point mechanism that deals with asymmetric connections in Check Point cluster. The CCL provides connections stickiness by "correcting" the packets to the correct Cluster Member: In most cases, the CCL makes the correction from the CoreXL SND; in some cases (like Dynamic Routing, or VPN), the CCL makes the correction from the Firewall or SecureXL. Acronym: CCL.
  • Cluster Interface
    An interface on a Cluster Member, whose Network Type was set as Cluster in SmartConsole in cluster object. This interface is monitored by cluster, and failure on this interface will cause cluster failover.
  • Cluster Member
    Security Gateway that is part of a cluster.
  • Cluster Mode
    Configuration of Cluster Members to work in these redundant modes: (1) One Cluster Member processes all the traffic - High Availability or VRRP mode (2) All traffic is processed in parallel by all Cluster Members - Load Sharing.
  • Cluster Topology
    Set of interfaces on all members of a cluster and their settings (Network Objective, IP address / Net Mask, Topology, Anti-Spoofing, and so on).
  • ClusterXL
    Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic.
  • Compliance
    Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration.
  • Content Awareness
    Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.
  • CoreXL
    Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores.
  • CoreXL Firewall Instance
    On a Security Gateway with CoreXL enabled, the Firewall kernel is copied multiple times. Each replicated copy, or firewall instance, runs on one processing CPU core. These firewall instances handle traffic at the same time, and each firewall instance is a complete and independent firewall inspection kernel. Synonym: CoreXL FW Instance.
  • CoreXL SND
    Secure Network Distributer. Part of CoreXL that is responsible for: Processing incoming traffic from the network interfaces; Securely accelerating authorized packets (if SecureXL is enabled); Distributing non-accelerated packets between Firewall kernel instances (SND maintains global dispatching table, which maps connections that were assigned to CoreXL Firewall instances). Traffic distribution between CoreXL Firewall instances is statically based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type. The CoreXL SND does not really "touch" packets. The decision to stick to a particular FWK daemon is done at the first packet of connection on a very high level, before anything else. Depending on the SecureXL settings, and in most of the cases, the SecureXL can be offloading decryption calculations. However, in some other cases, such as with Route-Based VPN, it is done by FWK daemon.
  • CPHA
    General term in Check Point Cluster that stands for Check Point High Availability (historic fact: the first release of ClusterXL supported only High Availability) that is used only for internal references (for example, inside kernel debug) to designate ClusterXL infrastructure.
  • CPUSE
    Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself.
  • Critical Device
    A special software device on each Cluster Member, through which the critical aspects for cluster operation are monitored. When the critical monitored component on a Cluster Member fails to report its state on time, or when its state is reported as problematic, the state of that member is immediately changed to Down. The complete list of the configured critical devices (pnotes) is printed by the 'cphaprob -ia list' command or 'show cluster members pnotes all' command. Synonyms: Pnote, Problem Notification.
    • D
  • DAIP Gateway
    Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway, on which the IP address of the external interface is assigned dynamically by the ISP.
  • Data Loss Prevention
    Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.
  • Data Type
    Classification of data in a Check Point Security Policy for the Content Awareness Software Blade.
  • Dead
    State reported by a Cluster Member when it goes out of the cluster (due to 'cphastop' command (which is a part of 'cpstop'), or reboot).
  • Decision Function
    A special cluster algorithm applied by each Cluster Member on the incoming traffic in order to decide, which Cluster Member should process the received packet. Each Cluster Members maintains a table of hash values generated based on connections tuple (source and destination IP addresses/Ports, and Protocol number).
  • Delta Sync
    Synchronization of kernel tables between all working Cluster Members - exchange of CCP packets that carry pieces of information about different connections and operations that should be performed on these connections in relevant kernel tables. This Delta Sync process is performed directly by Check Point kernel. While performing Full Sync, the Delta Sync updates are not processed and saved in kernel memory. After Full Sync is complete, the Delta Sync packets stored during the Full Sync phase are applied by order of arrival.
  • Delta Sync Retransmission
    It is possible that Delta Sync packets will be lost or corrupted during the Delta Sync operations. In such cases, it is required to make sure the Delta Sync packet is re-sent. The Cluster Member requests the sending Cluster Member to retransmit the lost/corrupted Delta Sync packet. Each Delta Sync packet has a sequence number. The sending member has a queue of sent Delta Sync packets. Each Cluster Member has a queue of packets sent from each of the peer Cluster Members. If, for any reason, a Delta Sync packet was not received by a Cluster Member, it can ask for a retransmission of this packet from the sending member. The Delta Sync retransmission mechanism is somewhat similar to a TCP Window and TCP retransmission mechanism. When a member requests retransmission of Delta Sync packet, which no longer exists on the sending member, the member prints a console messages that the sync is not complete.
  • Distributed Deployment
    Configuration in which the Check Point Security Gateway and the Security Management Server products are installed on different computers.
  • Down
    State of a Cluster Member during a failure when one of the Critical Devices reports its state as "problem": In ClusterXL, applies to the state of the Security Gateway component; in 3rd-party / OPSEC cluster, applies to the state of the State Synchronization mechanism. A Cluster Member in this state does not process any traffic passing through cluster.
  • Dying
    State of a Cluster Member as assumed by peer members, if it did not report its state for 0.7 second.
  • Dynamic Object
    Special object type, whose IP address is not known in advance. The Security Gateway resolves the IP address of this object in real time.
    • E
  • Endpoint Policy Management
    Check Point Software Blade on a Management Server to manage an on-premises Harmony Endpoint Security environment.
  • Expert Mode
    The name of the elevated command line shell that gives full system root permissions in the Check Point Gaia operating system.
    • F
  • Failback
    Recovery of a Cluster Member that suffered from a failure. The state of a recovered Cluster Member is changed from Down to either Active, or Standby (depending on Cluster Mode). Synonym: Fallback.
  • Failed Member
    A Cluster Member that cannot send or accept traffic because of a hardware or software problem.
  • Failover
    Transferring of a control over traffic (packet filtering) from a Cluster Member that suffered a failure to another Cluster Member (based on internal cluster algorithms). Synonym: Fail-over.
  • Failure
    A hardware or software problem that causes a Security Gateway to be unable to serve as a Cluster Member (for example, one of cluster interface has failed, or one of the monitored daemon has crashed). Cluster Member that suffered from a failure is declared as failed, and its state is changed to Down (a physical interface is considered Down only if all configured VLANs on that physical interface are Down).
  • Flapping
    Consequent changes in the state of either cluster interfaces (cluster interface flapping), or Cluster Members (Cluster Member flapping). Such consequent changes in the state are seen in the 'Logs & Monitor' > 'Logs' (if in SmartConsole > cluster object, the cluster administrator set the 'Track changes in the status of cluster members' to 'Log').
  • Flush and ACK
    Cluster Member forces the Delta Sync packet about the incoming packet and waiting for acknowledgments from all other Active members and only then allows the incoming packet to pass through. In some scenarios, it is required that some information, written into the kernel tables, will be Sync-ed promptly, or else a race condition can occur. The race condition may occur if a packet that caused a certain change in kernel tables left Member_A toward its destination and then the return packet tries to go through Member_B. In general, this kind of situation is called asymmetric routing. What may happen in this scenario is that the return packet arrives at Member_B before the changes induced by this packet were Sync-ed to this Member_B. Example of such a case is when a SYN packet goes through Member_A, causing multiple changes in the kernel tables and then leaves to a server. The SYN-ACK packet from a server arrives at Member_B, but the connection itself was not Sync-ed yet. In this condition, the Member_B will drop the packet as an Out-of-State packet (First packet isn't SYN). In order to prevent such conditions, it is possible to use the "Flush and ACK" (F&A) mechanism. This mechanism can send the Delta Sync packets with all the changes accumulated so far in the Sync buffer to the other Cluster Members, hold the original packet that induced these changes and wait for acknowledgment from all other (Active) Cluster Members that they received the information in the Delta Sync packet. When all acknowledgments arrived, the mechanism will release the held original packet. This ensures that by the time the return packet arrived from a server at the cluster, all the Cluster Members are aware of the connection. F&A is being operated at the end of the Inbound chain and at the end of the Outbound chain (it is more common at the Outbound). Synonyms: FnA, F&A.
  • Forwarding
    Process of transferring of an incoming traffic from one Cluster Member to another Cluster Member for processing. There are two types of forwarding the incoming traffic between Cluster Members - Packet forwarding and Chain forwarding. For more information, see "Forwarding Layer in Cluster" and "ARP Forwarding".
  • Forwarding Layer
    The Forwarding Layer is a ClusterXL mechanism that allows a Cluster Member to pass packets to peer Cluster Members, after they have been locally inspected by the firewall. This feature allows connections to be opened from a Cluster Member to an external host. Packets originated by Cluster Members are hidden behind the Cluster Virtual IP address. Thus, a reply from an external host is sent to the cluster, and not directly to the source Cluster Member. This can pose problems in the following situations: (1) The cluster is working in High Availability mode, and the connection is opened from the Standby Cluster Member. All packets from the external host are handled by the Active Cluster Member, instead. (2) The cluster is working in a Load Sharing mode, and the decision function has selected another Cluster Member to handle this connection. This can happen since packets directed at a Cluster IP address are distributed between Cluster Members as with any other connection. If a Cluster Member decides, upon the completion of the firewall inspection process, that a packet is intended for another Cluster Member, it can use the Forwarding Layer to hand the packet over to that Cluster Member. In High Availability mode, packets are forwarded over a Synchronization network directly to peer Cluster Members. It is important to use secured networks only, as encrypted packets are decrypted during the inspection process, and are forwarded as clear-text (unencrypted) data. In Load Sharing mode, packets are forwarded over a regular traffic network. Packets that are sent on the Forwarding Layer use a special source MAC address to inform the receiving Cluster Member that they have already been inspected by another Cluster Member. Thus, the receiving Cluster Member can safely hand over these packets to the local Operating System, without further inspection.
  • Full High Availability
    A special Cluster Mode supported only on Check Point appliances running Gaia OS (R75.40 and higher) or SecurePlatform OS (R77.30 and lower), where each Cluster Member also runs as a Security Management Server. This provides redundancy both between Security Gateways (only High Availability is supported) and between Security Management Servers (only High Availability is supported). Synonyms: Full HA Cluster Mode, Full HA, FullHA.
  • Full Sync
    Process of full synchronization of applicable kernel tables by a Cluster Member from the working Cluster Member(s) when it tries to join the existing cluster. This process is meant to fetch a ‎"snapshot" of the applicable kernel tables of already Active Cluster Member(s). Full Sync is performed during the initialization of Check Point software (during boot process, the first time the Cluster Member runs policy installation, during 'cpstart', during 'cphastart'). Until the Full Sync process completes successfully, this Cluster Member remains in the Down state, because until it is fully synchronized with other Cluster Members, it cannot function as a Cluster Member. Meanwhile, the Delta Sync packets continue to arrive, and the Cluster Member that tries to join the existing cluster, stores them in the kernel memory until the Full Sync completes. The whole Full Sync process is performed by fwd daemons on TCP port 256 over the Sync network (if it fails over the Sync network, it tries the other cluster interfaces). The information is sent by fwd daemons in chunks, while making sure they confirm getting the information before sending the next chunk. Also see "Delta Sync".
    • G
  • Gaia
    Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.
  • Gaia Clish
    The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).
  • Gaia Portal
    Web interface for the Check Point Gaia operating system.
  • Geo Cluster
    A High Availability cluster mode (in versions R81.20 and higher), where cluster members are located in different cloud availability zones. This mode supports the configuration of IP addresses from different subnets on all cluster interfaces, including the Sync interfaces. The Active cluster member inspects all traffic routed to the cluster and synchronizes the recorded connections to its peer cluster members. The traffic is not balanced between the cluster members. See "High Availability".
    • H
  • HA not started
    Output of the 'cphaprob <flag>' command or 'show cluster <option>' command on the Cluster Member. This output means that Check Point clustering software is not started on this Security Gateway (for example, this machine is not a part of a cluster, or 'cphastop' command was run, or some failure occurred that prevented the ClusterXL product from starting correctly).
  • High Availability
    A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA.
  • Hotfix
    Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior.
  • HTTPS Inspection
    Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.
  • HTU
    Stands for "HA Time Unit". All internal time in ClusterXL is measured in HTUs (the times in cluster debug also appear in HTUs). Formula in the Check Point software: 1 HTU = 10 x fwha_timer_base_res = 10 x 10 milliseconds = 100 ms.
  • Hybrid
    Starting in R80.20, on Security Gateways with 40 or more CPU cores, Software Blades run in the user space (as 'fwk' processes). The Hybrid Mode refers to the state when you upgrade Cluster Members from R80.10 (or below) to R80.20 (or above). The Hybrid Mode is the state, in which the upgraded Cluster Members already run their Software Blades in the user space (as fwk processes), while other Cluster Members still run their Software Blades in the kernel space (represented by the fw_worker processes). In the Hybrid Mode, Cluster Members are able to synchronize the required information.
    • I
  • ICA
    Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication.
  • Identity Awareness
    Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.
  • Identity Logging
    Check Point Software Blade on a Management Server to view Identity Logs from the managed Security Gateways with enabled Identity Awareness Software Blade.
  • Init
    State of a Cluster Member in the phase after the boot and until the Full Sync completes. A Cluster Member in this state does not process any traffic passing through cluster.
  • Internal Network
    Computers and resources protected by the Firewall and accessed by authenticated users.
  • IP Tracking
    Collecting and saving of Source IP addresses and Source MAC addresses from incoming IP packets during the probing. IP tracking is a useful for Cluster Members to determine whether the network connectivity of the Cluster Member is acceptable.
  • IP Tracking Policy
    Internal setting that controls, which IP addresses should be tracked during IP tracking: (1) Only IP addresses from the subnet of cluster VIP, or from subnet of physical cluster interface (this is the default) (2) All IP addresses, also outside the cluster subnet.
  • IPS
    Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).
  • IPsec VPN
    Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access.
    • J
  • Jumbo Hotfix Accumulator
    Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA.
    • K
  • Kerberos
    An authentication server for Microsoft Windows Active Directory Federation Services (ADFS).
    • L
  • Load Sharing
    A redundant cluster mode, where all Cluster Members process all incoming traffic in parallel. For more information, see "Load Sharing Multicast Mode" and "Load Sharing Unicast Mode". Synonyms: Active/Active, Load Balancing mode. Acronym: LS.
  • Load Sharing Multicast
    Load Sharing Cluster Mode, where all Cluster Members process all traffic in parallel. Each Cluster Member is assigned the equal load of [ 100% / number_of_members ]. The Cluster Virtual IP address (that represents the cluster on that network) is associated with Multicast MAC Address 01:00:5E:X:Y:Z (which is generated based on last 3 bytes of cluster Virtual IP address on that network). A ClusterXL decision algorithm (Decision Function) on all Cluster Members decides, which Cluster Member should process the given packet.
  • Load Sharing Unicast
    Load Sharing Cluster Mode, where one Cluster Member (called Pivot) accepts all traffic. Then, the Pivot member decides to process this traffic, or to forward it to other non-Pivot Cluster Members. The traffic load is assigned to Cluster Members based on the hard-coded formula per the value of "Pivot_overhead" attribute in the cluster object. The Cluster Virtual IP address (that represents the cluster on that network) is associated with: (1) Physical MAC Address of Pivot member (2) Virtual MAC Address.
  • Log Server
    Dedicated Check Point server that runs Check Point software to store and process logs.
  • Logging & Status
    Check Point Software Blade on a Management Server to view Security Logs from the managed Security Gateways.
    • M
  • Management Interface
    (1) Interface on a Gaia Security Gateway or Cluster member, through which Management Server connects to the Security Gateway or Cluster member. (2) Interface on Gaia computer, through which users connect to Gaia Portal or CLI.
  • Management Server
    Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.
  • Manual NAT Rules
    Manual configuration of NAT rules by the administrator of the Check Point Management Server.
  • Master
    State of a Cluster Member that processes all traffic in cluster configured in VRRP mode.
  • Mobile Access
    Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.
  • Multi-Domain Log Server
    Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS.
  • Multi-Domain Server
    Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.
  • Multi-Version Cluster
    The Multi-Version Cluster mechanism lets you synchronize connections between cluster members that run different versions. This lets you upgrade to a newer version without a loss in connectivity and lets you test the new version on some of the cluster members before you decide to upgrade the rest of the cluster members. Acronym: MVC.
    • N
  • Network Object
    Logical object that represents different parts of corporate topology - computers, IP addresses, traffic protocols, and so on. Administrators use these objects in Security Policies.
  • Network Objective
    Defines how the cluster will configure and monitor an interface - Cluster, Sync, Cluster+Sync, Monitored Private, Non-Monitored Private. Configured in SmartConsole > cluster object > 'Topology' pane > 'Network Objective'.
  • Network Policy Management
    Check Point Software Blade on a Management Server to manage an on-premises environment with an Access Control and Threat Prevention policies.
  • Non-Blocking Mode
    Cluster operation mode, in which Cluster Member keeps forwarding all traffic.
  • Non-Monitored Interface
    An interface on a Cluster Member, whose Network Type was set as Private in SmartConsole, in cluster object.
  • Non-Pivot
    A Cluster Member in the Unicast Load Sharing cluster that receives all packets from the Pivot Cluster Member.
  • Non-Sticky Connection
    A connection is called non-sticky, if the reply packet returns via a different Cluster Member, than the original packet (for example, if network administrator has configured asymmetric routing). In Load Sharing mode, all Cluster Members are Active, and in Static NAT and encrypted connections, the Source and Destination IP addresses change. Therefore, Static NAT and encrypted connections through a Load Sharing cluster may be non-sticky.
    • O
  • Open Server
    Physical computer manufactured and distributed by a company, other than Check Point.
    • P
  • Packet Selection
    Distinguishing between different kinds of packets coming from the network, and selecting, which member should handle a specific packet (Decision Function mechanism): CCP packet from another member of this cluster; CCP packet from another cluster or from a Cluster; Member with another version (usually older version of CCP); Packet is destined directly to this member; Packet is destined to another member of this cluster; Packet is intended to pass through this Cluster Member; ARP packets.
  • Pingable Host
    Some host (that is, some IP address) that Cluster Members can ping during probing mechanism. Pinging hosts in an interface's subnet is one of the health checks that ClusterXL mechanism performs. This pingable host will allow the Cluster Members to determine with more precision what has failed (which interface on which member). On Sync network, usually, there are no hosts. In such case, if switch supports this, an IP address should be assigned on the switch (for example, in the relevant VLAN). The IP address of such pingable host should be assigned per this formula: IP_of_pingable_host = IP_of_physical_interface_on_member + ~10. Assigning the IP address to pingable host that is higher than the IP addresses of physical interfaces on the Cluster Members will give some time to Cluster Members to perform the default health checks. Example: IP address of physical interface on a given subnet on Member_A is 10.20.30.41; IP address of physical interface on a given subnet on Member_B is 10.20.30.42; IP address of pingable host should be at least 10.20.30.5
  • Pivot
    A Cluster Member in the Unicast Load Sharing cluster that receives all packets. Cluster Virtual IP addresses are associated with Physical MAC Addresses of this Cluster Member. This Pivot Cluster Member distributes the traffic between other Non-Pivot Cluster Members.
  • Preconfigured Mode
    Cluster Mode, where cluster membership is enabled on all Cluster Members to be. However, no policy had been yet installed on any of the Cluster Members - none of them is actually configured to be primary, secondary, and so on. The cluster cannot function, if one Cluster Member fails. In this scenario, the "preconfigured mode" takes place. The preconfigured mode also comes into effect when no policy is yet installed, right after the Cluster Members came up after boot, or when running the 'cphaconf init' command.
  • Primary Up
    ClusterXL in High Availability mode that was configured as Switch to higher priority Cluster Member in the cluster object in SmartConsole: (1) Each Cluster Member is given a priority (SmartConsole > cluster object > 'Cluster Members' pane). Cluster Member with the highest priority appears at the top of the table, and Cluster Member with the lowest priority appears at the bottom of the table. (2) The Cluster Member with the highest priority will assume the Active state. (3) If the current Active Cluster Member with the highest priority (for example, Member_A), fails for some reason, or is rebooted, then failover occurs between Cluster Members. The Cluster Member with the next highest priority will be promoted to be Active (for example, Member_B). (4) When the Cluster Member with the highest priority (Member_A) recovers from a failure, or boots, then additional failover occurs between Cluster Members. The Cluster Member with the highest priority (Member_A) will be promoted to Active state (and Member_B will return to Standby state).
  • Private Interface
    An interface on a Cluster Member, whose Network Type was set as 'Private' in SmartConsole in cluster object. This interface is not monitored by cluster, and failure on this interface will not cause any changes in Cluster Member's state.
  • Probing
    If a Cluster Member fails to receive status for another member (does not receive CCP packets from that member) on a given segment, Cluster Member will probe that segment in an attempt to illicit a response. The purpose of such probes is to detect the nature of possible interface failures, and to determine which module has the problem. The outcome of this probe will determine what action is taken next (change the state of an interface, or of a Cluster Member).
  • Provisioning
    Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM.
    • Q
  • QoS
    Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.
    • R
  • Ready
    State of a Cluster Member during after initialization and before promotion to the next required state - Active / Standby / VRRP Master / VRRP Backup (depending on Cluster Mode). A Cluster Member in this state does not process any traffic passing through cluster. A member can be stuck in this state due to several reasons.
  • Rule
    Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.
  • Rule Base
    All rules configured in a given Security Policy. Synonym: Rulebase.
    • S
  • Same VMAC
    Same Virtual MAC Address (see "VMAC"). When this feature is enabled in a ClusterXL (in the High Availability or Load Sharing Unicast mode), the Cluster Members use Virtual MAC (VMAC) addresses on the cluster interfaces instead of the real MAC addresses. Cluster interfaces that belong to the same subnet get the same VMAC address instead of their real MAC address. This feature helps avoid issues during the cluster operation, when switches block ports connected to the Cluster Members.
  • SecureXL
    Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.
  • Security Gateway
    Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.
  • Security Management Server
    Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.
  • Security Policy
    Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.
  • Selection
    The packet selection mechanism is one of the central and most important components in the ClusterXL product and State Synchronization infrastructure for 3rd-party clustering solutions. Its main purpose is to decide (to select) correctly what has to be done to the incoming and outgoing traffic on the Cluster Member. (1) In ClusterXL, the packet is selected by Cluster Member(s) depending on the cluster mode: In HA modes - by Active member; In LS Unicast mode - by Pivot member; In LS Multicast mode - by all members. Then the Cluster Member applies the Decision Function (and the Cluster Correction Layer). (2) In 3rd-party / OPSEC cluster, the 3rd-party software selects the packet, and Check Point software just inspects it (and performs State Synchronization).
  • SIC
    Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.
  • Silent Standby
    In the ClusterXL High Availability mode, this feature configures the Standby cluster member to communicate only through the Active cluster member. This feature is useful when it is necessary to connect from Standby cluster members to a host / server on the network.
  • SmartConsole
    Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.
  • SmartDashboard
    Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings.
  • SmartProvisioning
    Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM.
  • SmartUpdate
    Legacy Check Point GUI client used to manage licenses and contracts in a Check Point environment.
  • Software Blade
    Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities.
  • Standalone
    Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server.
  • Standby
    State of a Cluster Member that is ready to be promoted to Active state (if the current Active Cluster Member fails). Applies only to ClusterXL High Availability Mode.
  • State Synchronization
    Technology that synchronizes the relevant information about the current connections (stored in various kernel tables on Check Point Security Gateways) among all Cluster Members over Synchronization Network. Due to State Synchronization, the current connections are not cut off during cluster failover.
  • Sticky Connection
    A connection is called sticky, if all packets are handled by a single Cluster Member (in High Availability mode, all packets reach the Active Cluster Member, so all connections are sticky).
  • Subscribers
    User Space processes that are made aware of the current state of the ClusterXL state machine and other clustering configuration parameters. List of such subscribers can be obtained by running the 'cphaconf debug_data' command.
  • Sync Interface
    An interface on a Cluster Member, whose Network Type was set as Sync or Cluster+Sync in SmartConsole in cluster object. This interface is monitored by cluster, and failure on this interface will cause cluster failover. This interface is used for State Synchronization between Cluster Members. The use of more than one Sync Interfaces for redundancy is not supported because the CPU load will increase significantly due to duplicate tasks performed by all configured Synchronization Networks. Synonyms: Secured Interface, Trusted Interface.
  • Synchronization Network
    A set of interfaces on Cluster Members that were configured as interfaces, over which State Synchronization information will be passed (as Delta Sync packets ). The use of more than one Synchronization Network for redundancy is not supported because the CPU load will increase significantly due to duplicate tasks performed by all configured Synchronization Networks. Synonyms: Sync Network, Secured Network, Trusted Network.
    • T
  • Threat Emulation
    Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.
  • Threat Extraction
    Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.
    • U
  • Updatable Object
    Network object that represents an external service, such as Microsoft 365, AWS, Geo locations, and more.
  • URL Filtering
    Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.
  • User Directory
    Check Point Software Blade on a Management Server that integrates LDAP and other external user management servers with Check Point products and security solutions.
    • V
  • VMAC
    Virtual MAC Address. When this feature is enabled in a ClusterXL (in the High Availability or Load Sharing Unicast mode), the current Active or Pivot Cluster Member sends Gratuitous ARP Requests (G-ARP) for its Cluster Virtual IP (VIP) addresses and Virtual MAC (VMAC) addresses in G-ARP updates. Cluster Members create a VMAC address for each Cluster VIP address. This feature helps avoid issues during a cluster failover, when switches do not integrate G-ARP updates into their ARP cache table.
  • VSX
    Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.
  • VSX Gateway
    Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.
    • Z
  • Zero Phishing
    Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.