Check Point Hosts

A Check Point Host can have multiple interfaces but no routing takes place. It is an endpoint that receives traffic for itself through its interfaces. (In comparison, a Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. routes traffic between its multiple interfaces.) For example, if you have two unconnected networks that share a common Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. and Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs., configure the common server as a Check Point Host object.

A Check Point Host has one or more Software Blades installed. But if the Firewall blade is enabled on the Check Point Host, it cannot function as a Security Gateway. The Host requires SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. and other features provided by the actual Security Gateway.

A Check Point Host has no routing mechanism, is not capable of IP forwarding, and cannot be used to implement Anti-Spoofing. If the host must do any of these, convert it to be a Security Gateway.

The Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. object is a Check Point Host.

Note - When you upgrade a Management Server from R77.30 or earlier versions, Node objects are converted to Host objects.