Glossary

3
• 3rd-party Cluster
  Cluster of Check Point Security Gateways that work together in a redundant configuration. These Check Point Security Gateways are installed on X-Series XOS, or IPSO OS. VRRP Cluster on Gaia OS is also considered a 3rd-party cluster. The 3rd-party cluster handles the traffic, and Check Point Security Gateways perform only State Synchronization.
A
• Accelerated Path
  Packet flow on the Host appliance, when the packet is completely handled by the SecureXL device. It is processed and forwarded to the network.
• Access Role
  Access Role objects let you configure network access according to: Networks, Users and user groups, Computers and computer groups, Remote Access Clients. After you activate the Identity Awareness Software Blade, you can create Access Role objects and use them in the Source and Destination columns of Access Control Policy rules.
• Active
  State of a Cluster Member that is fully operational: (1) In ClusterXL, this applies to the state of the Security Gateway component (2) In 3rd-party / OPSEC cluster, this applies to the state of the cluster State Synchronization mechanism.
• Active-Active
  A cluster mode (in versions R80.40 and higher), where cluster members are located in different geographical areas (different sites, different cloud availability zones). This mode supports the configuration of IP addresses from different subnets on all cluster interfaces, including the Sync interfaces. Each cluster member inspects all traffic routed to it and synchronizes the recorded connections to its peer cluster members. The traffic is not balanced between the cluster members.
• Active Domain Server
  The only Domain Management Server in a Management High Availability deployment that can manage a specified Domain.
• Active Security Management Server
  The Management Server in Management High Availability that is currently configured as Active.
• Active Up
  ClusterXL in High Availability mode that was configured as Maintain current active Cluster Member in the cluster object in SmartConsole: (1) If the current Active member fails for some reason, or is rebooted (for example, Member_A), then failover occurs between Cluster Members - another Standby member will be promoted to be Active (for example, Member_B). (2) When former Active member (Member_A) recovers from a failure, or boots, the former Standby member (Member_B) will remain to be in Active state (and Member_A will assume the Standby state).
• Active(!)
  In ClusterXL, state of the Active Cluster Member that suffers from a failure. A problem was detected, but the Cluster Member still forwards packets, because it is the only member in the cluster, or because there are no other Active members in the cluster. In any other situation, the state of the member is Down. Possible states: ACTIVE(!), ACTIVE(!F) - Cluster Member is in the freeze state, ACTIVE(!P) - This is the Pivot Cluster Member in Load Sharing Unicast mode, ACTIVE(!FP) - This is the Pivot Cluster Member in Load Sharing Unicast mode and it is in the freeze state.
• AD Query
  Check Point clientless identity acquisition tool. It is based on Active Directory integration and it is completely transparent to the user. The technology is based on querying the Active Directory Security Event Logs and extracting the user and computer mapping to the network address from them. It is based on Windows Management Instrumentation (WMI), a standard Microsoft protocol. The Check Point Security Gateway communicates directly with the Active Directory domain controllers and does not require a separate server. No installation is necessary on the clients, or on the Active Directory server.
• Affinity
  The assignment of a specified CoreXL Firewall instance, VSX Virtual System, interface, user space process, or IRQ to one or more specified CPU cores.
• Anti-Bot
  Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.
• Anti-Spam
  Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection. Synonym: Anti-Spam & Email Security. Acronyms: AS, ASPAM.
• Anti-Virus
  Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.
• Application Control
  Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.
• ARP Forwarding
  Forwarding of ARP Request and ARP Reply packets between Cluster Members by encapsulating them in Cluster Control Protocol (CCP) packets. Introduced in R80.10 version.
• Ask
  UserCheck rule action that blocks traffic and files and shows a UserCheck message. The user can agree to allow the activity.
• Audit Log
  Log that contains administrator actions on a Management Server (login and logout, creation or modification of an object, installation of a policy, and so on).
B
• Backup
  (1) In VRRP Cluster on Gaia OS - State of a Cluster Member that is ready to be promoted to Master state (if Master member fails). (2) In VSX Cluster configured in Virtual System Load Sharing mode with three or more Cluster Members - State of a Virtual System on a third (and so on) VSX Cluster Member. (3) A Cluster Member or Virtual System in this state does not process any traffic passing through cluster.
• Blocking Mode
  Cluster operation mode, in which Cluster Member does not forward any traffic (for example, caused by a failure).
• Bot
  Malicious software that neutralizes Anti-Virus defenses, connects to a Command and Control center for instructions from cyber criminals, and carries out the instructions.
• Bridge Mode
  Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology.
• Browser-Based Authentication
  Authentication of users in Check Point Identity Awareness web portal - Captive Portal, to which users connect with their web browser to log in and authenticate.
• Burstiness
  Data that is transferred or transmitted in short, uneven spurts. LAN traffic is typically bursty. Opposite of streaming data.
C
• Captive Portal
  A Check Point Identity Awareness web portal, to which users connect with their web browser to log in and authenticate, when using Browser-Based Authentication.
• Cluster
  Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.
• Cluster Control Protocol
  Proprietary Check Point protocol that runs between Cluster Members on UDP port 8116, and has the following roles: (1) State Synchronization (Delta Sync), (2) Health checks (state of Cluster Members and of cluster interfaces): Health-status Reports, Cluster-member Probing, State-change Commands, Querying for cluster membership. Note: CCP is located between the Check Point Firewall kernel and the network interface (therefore, only TCPdump should be used for capturing this traffic). Acronym: CCP.
• Cluster Correction Layer
  Proprietary Check Point mechanism that deals with asymmetric connections in Check Point cluster. The CCL provides connections stickiness by "correcting" the packets to the correct Cluster Member: In most cases, the CCL makes the correction from the CoreXL SND; in some cases (like Dynamic Routing, or VPN), the CCL makes the correction from the Firewall or SecureXL. Acronym: CCL.
• Cluster Interface
  An interface on a Cluster Member, whose Network Type was set as Cluster in SmartConsole in cluster object. This interface is monitored by cluster, and failure on this interface will cause cluster failover.
• Cluster Member
  Security Gateway that is part of a cluster.
• Cluster Mode
  Configuration of Cluster Members to work in these redundant modes: (1) One Cluster Member processes all the traffic - High Availability or VRRP mode (2) All traffic is processed in parallel by all Cluster Members - Load Sharing.
• Cluster Topology
  Set of interfaces on all members of a cluster and their settings (Network Objective, IP address / Net Mask, Topology, Anti-Spoofing, and so on).
• ClusterXL
  Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic.
• Compliance
  Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration.
• Content Awareness
  Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.
• Cooperative Enforcement
  Integration of an on-premises Harmony Endpoint Security Server and Security Gateway.
• CoreXL
  Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores.
• CoreXL Dynamic Dispatcher
  Improved CoreXL SND feature. Part of CoreXL that distributes packets between CoreXL Firewall instances. Traffic distribution between CoreXL Firewall instances is dynamically based on the utilization of CPU cores, on which the CoreXL Firewall instances are running. The dynamic decision is made for first packets of connections, by assigning each of the CoreXL Firewall instances a rank, and selecting the CoreXL Firewall instance with the lowest rank. The rank for each CoreXL Firewall instance is calculated according to its CPU utilization. The higher the CPU utilization, the higher the CoreXL Firewall instance's rank is, hence this CoreXL Firewall instance is less likely to be selected by the CoreXL SND.
• CoreXL Firewall Instance
  On a Security Gateway with CoreXL enabled, the Firewall kernel is copied multiple times. Each replicated copy, or firewall instance, runs on one processing CPU core. These firewall instances handle traffic at the same time, and each firewall instance is a complete and independent firewall inspection kernel. Synonym: CoreXL FW Instance.
• CoreXL SND
  Secure Network Distributer. Part of CoreXL that is responsible for: Processing incoming traffic from the network interfaces; Securely accelerating authorized packets (if SecureXL is enabled); Distributing non-accelerated packets between Firewall kernel instances (SND maintains global dispatching table, which maps connections that were assigned to CoreXL Firewall instances). Traffic distribution between CoreXL Firewall instances is statically based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type. The CoreXL SND does not really "touch" packets. The decision to stick to a particular FWK daemon is done at the first packet of connection on a very high level, before anything else. Depending on the SecureXL settings, and in most of the cases, the SecureXL can be offloading decryption calculations. However, in some other cases, such as with Route-Based VPN, it is done by FWK daemon.
• CPHA
  General term in Check Point Cluster that stands for Check Point High Availability (historic fact: the first release of ClusterXL supported only High Availability) that is used only for internal references (for example, inside kernel debug) to designate ClusterXL infrastructure.
• CPUSE
  Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself.
• Critical Device
  A special software device on each Cluster Member, through which the critical aspects for cluster operation are monitored. When the critical monitored component on a Cluster Member fails to report its state on time, or when its state is reported as problematic, the state of that member is immediately changed to Down. The complete list of the configured critical devices (pnotes) is printed by the 'cphaprob -ia list' command or 'show cluster members pnotes all' command. Synonyms: Pnote, Problem Notification.
• Custom Report
  User-defined report for a Check Point product, typically based on a predefined report.
D
• DAIP Gateway
  Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway, on which the IP address of the external interface is assigned dynamically by the ISP.
• Data Loss Prevention
  Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.
• Data Type
  Classification of data in a Check Point Security Policy for the Content Awareness Software Blade.
• Dead
  State reported by a Cluster Member when it goes out of the cluster (due to 'cphastop' command (which is a part of 'cpstop'), or reboot).
• Decision Function
  A special cluster algorithm applied by each Cluster Member on the incoming traffic in order to decide, which Cluster Member should process the received packet. Each Cluster Members maintains a table of hash values generated based on connections tuple (source and destination IP addresses/Ports, and Protocol number).
• Dedicated Management Interface
  Separate physical interface on VSX Gateway or VSX Cluster Members, through which Check Point Security Management Server or Multi-Domain Server connects directly to VSX Gateway or VSX Cluster Members. DMI is restricted to management traffic, such as provisioning, logging and monitoring. Acronym: DMI.
• Delta Sync
  Synchronization of kernel tables between all working Cluster Members - exchange of CCP packets that carry pieces of information about different connections and operations that should be performed on these connections in relevant kernel tables. This Delta Sync process is performed directly by Check Point kernel. While performing Full Sync, the Delta Sync updates are not processed and saved in kernel memory. After Full Sync is complete, the Delta Sync packets stored during the Full Sync phase are applied by order of arrival.
• Delta Sync Retransmission
  It is possible that Delta Sync packets will be lost or corrupted during the Delta Sync operations. In such cases, it is required to make sure the Delta Sync packet is re-sent. The Cluster Member requests the sending Cluster Member to retransmit the lost/corrupted Delta Sync packet. Each Delta Sync packet has a sequence number. The sending member has a queue of sent Delta Sync packets. Each Cluster Member has a queue of packets sent from each of the peer Cluster Members. If, for any reason, a Delta Sync packet was not received by a Cluster Member, it can ask for a retransmission of this packet from the sending member. The Delta Sync retransmission mechanism is somewhat similar to a TCP Window and TCP retransmission mechanism. When a member requests retransmission of Delta Sync packet, which no longer exists on the sending member, the member prints a console messages that the sync is not complete.
• Detect
  UserCheck rule action that allows traffic and files to enter the internal network and logs them.
• Distributed Deployment
  Configuration in which the Check Point Security Gateway and the Security Management Server products are installed on different computers.
• Domain Dedicated Log Server
  Dedicated Log Server (not a Domain Log Server) configured in a specified Domain (in versions R81 and higher). It stores and processes logs from Security Gateways that are managed by the corresponding Domain Management Server. Acronym: DDLS.
• Domain Dedicated SmartEvent Server
  Dedicated SmartEvent Server configured in a specified Domain (in versions R81 and higher). It hosts the events database for logs from Security Gateways that are managed by the corresponding Domain Management Server.
• Domain Management Server
  Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS.
• Down
  State of a Cluster Member during a failure when one of the Critical Devices reports its state as "problem": In ClusterXL, applies to the state of the Security Gateway component; in 3rd-party / OPSEC cluster, applies to the state of the State Synchronization mechanism. A Cluster Member in this state does not process any traffic passing through cluster.
• Dying
  State of a Cluster Member as assumed by peer members, if it did not report its state for 0.7 second.
• Dynamic Object
  Special object type, whose IP address is not known in advance. The Security Gateway resolves the IP address of this object in real time.
E
• Encryption Domain
  The networks that a Security Gateway protects and for which it encrypts and decrypts VPN traffic.
• Endpoint Policy Management
  Check Point Software Blade on a Management Server to manage an on-premises Harmony Endpoint Security environment.
• Event
  Record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy.
• Event Correlation
  Procedure that extracts, aggregates, correlates, and analyzes events from the logs.
• Event Policy
  Set of rules that define the behavior of SmartEvent.
• Expert Mode
  The name of the elevated command line shell that gives full system root permissions in the Check Point Gaia operating system.
F
• F2F
  Denotes non-VPN connections that SecureXL forwarded to firewall. See "Firewall Path".
• Failback
  Recovery of a Cluster Member that suffered from a failure. The state of a recovered Cluster Member is changed from Down to either Active, or Standby (depending on Cluster Mode). Synonym: Fallback.
• Failed Member
  A Cluster Member that cannot send or accept traffic because of a hardware or software problem.
• Failover
  Transferring of a control over traffic (packet filtering) from a Cluster Member that suffered a failure to another Cluster Member (based on internal cluster algorithms). Synonym: Fail-over.
• Failure
  A hardware or software problem that causes a Security Gateway to be unable to serve as a Cluster Member (for example, one of cluster interface has failed, or one of the monitored daemon has crashed). Cluster Member that suffered from a failure is declared as failed, and its state is changed to Down (a physical interface is considered Down only if all configured VLANs on that physical interface are Down).
• Firewall Path
  Packet flow on the Host Security Appliance, when the SecureXL device is unable to process the packet. The packet is passed to the CoreXL layer and then to one of the CoreXL Firewall instances for full processing. This path also processes all packets when SecureXL is disabled. Synonym: Slow Path.
• Flapping
  Consequent changes in the state of either cluster interfaces (cluster interface flapping), or Cluster Members (Cluster Member flapping). Such consequent changes in the state are seen in the 'Logs & Monitor' > 'Logs' (if in SmartConsole > cluster object, the cluster administrator set the 'Track changes in the status of cluster members' to 'Log').
• Flush and ACK
  Cluster Member forces the Delta Sync packet about the incoming packet and waiting for acknowledgments from all other Active members and only then allows the incoming packet to pass through. In some scenarios, it is required that some information, written into the kernel tables, will be Sync-ed promptly, or else a race condition can occur. The race condition may occur if a packet that caused a certain change in kernel tables left Member_A toward its destination and then the return packet tries to go through Member_B. In general, this kind of situation is called asymmetric routing. What may happen in this scenario is that the return packet arrives at Member_B before the changes induced by this packet were Sync-ed to this Member_B. Example of such a case is when a SYN packet goes through Member_A, causing multiple changes in the kernel tables and then leaves to a server. The SYN-ACK packet from a server arrives at Member_B, but the connection itself was not Sync-ed yet. In this condition, the Member_B will drop the packet as an Out-of-State packet (First packet isn't SYN). In order to prevent such conditions, it is possible to use the "Flush and ACK" (F&A) mechanism. This mechanism can send the Delta Sync packets with all the changes accumulated so far in the Sync buffer to the other Cluster Members, hold the original packet that induced these changes and wait for acknowledgment from all other (Active) Cluster Members that they received the information in the Delta Sync packet. When all acknowledgments arrived, the mechanism will release the held original packet. This ensures that by the time the return packet arrived from a server at the cluster, all the Cluster Members are aware of the connection. F&A is being operated at the end of the Inbound chain and at the end of the Outbound chain (it is more common at the Outbound). Synonyms: FnA, F&A.
• Forwarding
  Process of transferring of an incoming traffic from one Cluster Member to another Cluster Member for processing. There are two types of forwarding the incoming traffic between Cluster Members - Packet forwarding and Chain forwarding. For more information, see "Forwarding Layer in Cluster" and "ARP Forwarding".
• Forwarding Layer
  The Forwarding Layer is a ClusterXL mechanism that allows a Cluster Member to pass packets to peer Cluster Members, after they have been locally inspected by the firewall. This feature allows connections to be opened from a Cluster Member to an external host. Packets originated by Cluster Members are hidden behind the Cluster Virtual IP address. Thus, a reply from an external host is sent to the cluster, and not directly to the source Cluster Member. This can pose problems in the following situations: (1) The cluster is working in High Availability mode, and the connection is opened from the Standby Cluster Member. All packets from the external host are handled by the Active Cluster Member, instead. (2) The cluster is working in a Load Sharing mode, and the decision function has selected another Cluster Member to handle this connection. This can happen since packets directed at a Cluster IP address are distributed between Cluster Members as with any other connection. If a Cluster Member decides, upon the completion of the firewall inspection process, that a packet is intended for another Cluster Member, it can use the Forwarding Layer to hand the packet over to that Cluster Member. In High Availability mode, packets are forwarded over a Synchronization network directly to peer Cluster Members. It is important to use secured networks only, as encrypted packets are decrypted during the inspection process, and are forwarded as clear-text (unencrypted) data. In Load Sharing mode, packets are forwarded over a regular traffic network. Packets that are sent on the Forwarding Layer use a special source MAC address to inform the receiving Cluster Member that they have already been inspected by another Cluster Member. Thus, the receiving Cluster Member can safely hand over these packets to the local Operating System, without further inspection.
• Full High Availability
  A special Cluster Mode supported only on Check Point appliances running Gaia OS (R75.40 and higher) or SecurePlatform OS (R77.30 and lower), where each Cluster Member also runs as a Security Management Server. This provides redundancy both between Security Gateways (only High Availability is supported) and between Security Management Servers (only High Availability is supported). Synonyms: Full HA Cluster Mode, Full HA, FullHA.
• Full Sync
  Process of full synchronization of applicable kernel tables by a Cluster Member from the working Cluster Member(s) when it tries to join the existing cluster. This process is meant to fetch a ‎"snapshot" of the applicable kernel tables of already Active Cluster Member(s). Full Sync is performed during the initialization of Check Point software (during boot process, the first time the Cluster Member runs policy installation, during 'cpstart', during 'cphastart'). Until the Full Sync process completes successfully, this Cluster Member remains in the Down state, because until it is fully synchronized with other Cluster Members, it cannot function as a Cluster Member. Meanwhile, the Delta Sync packets continue to arrive, and the Cluster Member that tries to join the existing cluster, stores them in the kernel memory until the Full Sync completes. The whole Full Sync process is performed by fwd daemons on TCP port 256 over the Sync network (if it fails over the Sync network, it tries the other cluster interfaces). The information is sent by fwd daemons in chunks, while making sure they confirm getting the information before sending the next chunk. Also see "Delta Sync".
G
• Gaia
  Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.
• Gaia Clish
  The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).
• Gaia Portal
  Web interface for the Check Point Gaia operating system.
• Geo Cluster
  A High Availability cluster mode (in versions R81.20 and higher), where cluster members are located in different cloud availability zones. This mode supports the configuration of IP addresses from different subnets on all cluster interfaces, including the Sync interfaces. The Active cluster member inspects all traffic routed to the cluster and synchronizes the recorded connections to its peer cluster members. The traffic is not balanced between the cluster members. See "High Availability".
• Global Domain
  Domain on a Multi-Domain Security Management Server, on which the Multi-Domain Server administrator creates and manages objects, security policies and settings that apply to the entire Multi-Domain Security Management environment.
• Global Objects
  On a Multi-Domain Security Management Server, all objects defined in the Global Domain. You can use this objects in a Global Policy or Local Policies on Domains.
• Global Policy
  On a Multi-Domain Security Management Server, a policy defined in the Global Domain. You can assigns this Global Policy to Domains.
H
• HA not started
  Output of the 'cphaprob <flag>' command or 'show cluster <option>' command on the Cluster Member. This output means that Check Point clustering software is not started on this Security Gateway (for example, this machine is not a part of a cluster, or 'cphastop' command was run, or some failure occurred that prevented the ClusterXL product from starting correctly).
• High Availability
  A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA.
• Hotfix
  Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior.
• HTTPS Inspection
  Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.
• HTU
  Stands for "HA Time Unit". All internal time in ClusterXL is measured in HTUs (the times in cluster debug also appear in HTUs). Formula in the Check Point software: 1 HTU = 10 x fwha_timer_base_res = 10 x 10 milliseconds = 100 ms.
• Hybrid
  Starting in R80.20, on Security Gateways with 40 or more CPU cores, Software Blades run in the user space (as 'fwk' processes). The Hybrid Mode refers to the state when you upgrade Cluster Members from R80.10 (or below) to R80.20 (or above). The Hybrid Mode is the state, in which the upgraded Cluster Members already run their Software Blades in the user space (as fwk processes), while other Cluster Members still run their Software Blades in the kernel space (represented by the fw_worker processes). In the Hybrid Mode, Cluster Members are able to synchronize the required information.
I
• ICA
  Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication.
• ICAP Client
  The ICAP Client functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Server responses (see RFC 3507), modify their content, and block the matched HTTP connections.
• ICAP Server
  The ICAP Server functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Client requests, send the files for inspection, and return the verdict.
• Identity Agent
  Check Point dedicated client agent installed on Windows-based user endpoint computers. This Identity Agent acquires and reports identities to the Check Point Identity Awareness Security Gateway. The administrator configures the Identity Agents (not the end users). There are two types of Identity Agents - Full and Light. You can download the Full and Light Identity Agent package from the Captive Portal - 'https://<Gateway_IP_Address>/connect' or from Support Center.
• Identity Agent Configuration Utility
  Check Point utility that creates custom Identity Agent installation packages. This utility is installed as a part of the Identity Agent: go to the Windows Start menu > All Programs > Check Point > Identity Agent > right-click the 'Identity Agent' shortcut > select 'Properties' > click 'Open File Location' ('Find Target' in some Windows versions > double-click 'IAConfigTool.exe').
• Identity Agent Distributed Configuration Tool
  Check Point Identity Agent control tool for Windows-based client computers that are members of an Active Directory domain. The Distributed Configuration tool lets you configure connectivity and trust rules for Identity Agents - to which Identity Awareness Security Gateways the Identity Agent should connect, depending on its IPv4 / IPv6 address, or Active Directory Site. This tool is installed a part of the Identity Agent: go to the Windows Start menu > All Programs > Check Point > Identity Agent > open the Distributed Configuration. Note - You must have administrative access to this Active Directory domain to allow automatic creation of new LDAP keys and writing.
• Identity Awareness
  Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.
• Identity Broker
  Identity Sharing mechanism between Identity Servers (PDP): (1) Communication channel between PDPs based on Web-API (2) Identity Sharing capabilities between PDPs - ability to add, remove, and update the identity session.
• Identity Collector
  Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. You can download the Identity Collector package from Support Center.
• Identity Collector Identity Sources
  Identity Sources for Check Point Identity Collector - Microsoft Active Directory Domain Controllers, Cisco Identity Services Engine (ISE) Servers, or NetIQ eDirectory Servers.
• Identity Collector Query Pool
  A list of Identity Sources for Check Point Identity Collector.
• Identity Logging
  Check Point Software Blade on a Management Server to view Identity Logs from the managed Security Gateways with enabled Identity Awareness Software Blade.
• Identity Server
  Check Point Security Gateway with enabled Identity Awareness Software Blade.
• Indicator
  Pattern of relevant observable malicious activity in an operational cyber domain, with relevant information on how to interpret it and how to handle it.
• Init
  State of a Cluster Member in the phase after the boot and until the Full Sync completes. A Cluster Member in this state does not process any traffic passing through cluster.
• Inline Layer
  Set of rules used in another rule in Security Policy.
• Intelligent Queuing Engine
  A bandwidth allocation algorithm that guarantees high priority traffic takes precedence over low priority traffic.
• Internal Network
  Computers and resources protected by the Firewall and accessed by authenticated users.
• IoC
  Indicator of Compromise. Artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Typical IoCs are virus signatures and IP addresses, MD5 hashes of Malware files, or URLs or domain names of botnet command and control servers. Identified through a process of incident response and computer forensics, intrusion detection systems and anti-virus software can use IoC's to detect future attacks.
• IP Tracking
  Collecting and saving of Source IP addresses and Source MAC addresses from incoming IP packets during the probing. IP tracking is a useful for Cluster Members to determine whether the network connectivity of the Cluster Member is acceptable.
• IP Tracking Policy
  Internal setting that controls, which IP addresses should be tracked during IP tracking: (1) Only IP addresses from the subnet of cluster VIP, or from subnet of physical cluster interface (this is the default) (2) All IP addresses, also outside the cluster subnet.
• IPS
  Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).
• IPsec VPN
  Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access.
• IRQ Affinity
  A state of binding an IRQ to one or more CPU cores.
J
• Jitter
  Variation in the delay of received packets. On the sending side, packets are spaced evenly apart and sent in a continuous stream. On the receiving side, the delay between each packet can vary according to network congestion, improper queuing or configuration errors.
• Jumbo Hotfix Accumulator
  Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA.
K
• Kerberos
  An authentication server for Microsoft Windows Active Directory Federation Services (ADFS).
L
• LLQ
  Low Latency Queuing is a feature developed by Cisco to bring strict priority queuing (PQ) to class-based weighted fair queuing (CBWFQ). LLQ allows delay-sensitive data (such as voice) to be given preferential treatment over other traffic by letting the data to be dequeued and sent first.
• Load Sharing
  A redundant cluster mode, where all Cluster Members process all incoming traffic in parallel. For more information, see "Load Sharing Multicast Mode" and "Load Sharing Unicast Mode". Synonyms: Active/Active, Load Balancing mode. Acronym: LS.
• Load Sharing Multicast
  Load Sharing Cluster Mode, where all Cluster Members process all traffic in parallel. Each Cluster Member is assigned the equal load of [ 100% / number_of_members ]. The Cluster Virtual IP address (that represents the cluster on that network) is associated with Multicast MAC Address 01:00:5E:X:Y:Z (which is generated based on last 3 bytes of cluster Virtual IP address on that network). A ClusterXL decision algorithm (Decision Function) on all Cluster Members decides, which Cluster Member should process the given packet.
• Load Sharing Unicast
  Load Sharing Cluster Mode, where one Cluster Member (called Pivot) accepts all traffic. Then, the Pivot member decides to process this traffic, or to forward it to other non-Pivot Cluster Members. The traffic load is assigned to Cluster Members based on the hard-coded formula per the value of "Pivot_overhead" attribute in the cluster object. The Cluster Virtual IP address (that represents the cluster on that network) is associated with: (1) Physical MAC Address of Pivot member (2) Virtual MAC Address.
• Log Server
  Dedicated Check Point server that runs Check Point software to store and process logs.
• Logging & Status
  Check Point Software Blade on a Management Server to view Security Logs from the managed Security Gateways.
M
• Mail Transfer Agent
  Feature on a Security Gateway that intercepts SMTP traffic and forwards it to the applicable inspection component. Acronym: MTA.
• Main Domain Management Server
  Domain Management Server on a Multi-Domain Server, on which you configured the object of your VSX Gateway or VSX Cluster. In this case, objects of your Virtual Systems are defined on different Domain Management Servers (Target Domain Management Servers).
• Malware Database
  The Check Point database of commonly used signatures, URLs, and their related reputations, installed on a Security Gateway and used by the ThreatSpect engine.
• Management High Availability
  Deployment and configuration mode of two Check Point Management Servers, in which they automatically synchronize the management databases with each other. In this mode, one Management Server is Active, and the other is Standby. Acronyms: Management HA, MGMT HA.
• Management Interface
  (1) Interface on a Gaia Security Gateway or Cluster member, through which Management Server connects to the Security Gateway or Cluster member. (2) Interface on Gaia computer, through which users connect to Gaia Portal or CLI.
• Management Server
  Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.
• Manual NAT Rules
  Manual configuration of NAT rules by the administrator of the Check Point Management Server.
• Master
  State of a Cluster Member that processes all traffic in cluster configured in VRRP mode.
• Medium Path
  Packet flow on the Host Security Appliance, when the packet is handled by the SecureXL device. The CoreXL layer passes the packet to one of the CoreXL Firewall instances to process it. Even when CoreXL is disabled, the SecureXL uses the CoreXL infrastructure to send the packet to the single CoreXL Firewall instance that still functions. When the Medium Path is available, the SecureXL fully accelerates the TCP handshake. Rule Base match is achieved for the first packet through an existing connection acceleration template. The SecureXL also fully accelerates the TCP [SYN-ACK] and TCP [ACK] packets. However, once data starts to flow, to stream it for Content Inspection, an FWK instance now handles the packets. The SecureXL sends all packets that contain data to FWK for data extraction in order to build the data stream. Only the SecureXL handles the TCP [RST], TCP [FIN] and TCP [FIN-ACK] packets, because they do not contain data that needs to be streamed. The Medium Path is available only when CoreXL is enabled. Exceptions are: IPS (some protections); VPN (in some configurations); Application Control; Content Awareness; Anti-Virus; Anti-Bot; HTTPS Inspection; Proxy mode; Mobile Access; VoIP; Web Portals. Synonym: PXL.
• Mirror and Decrypt
  The Mirror and Decrypt feature on a Security Gateway or Cluster (in versions R80.40 and higher) that performs these actions: (1) Mirror only of all traffic - Clones all traffic (including HTTPS without decryption) that passes through, and sends it out of the designated physical interface. (2) Mirror and Decrypt of HTTPS traffic - Clones all HTTPS traffic that passes through, decrypts it, and sends it in clear-text out of the designated physical interface. Acronym: M&D.
• Mobile Access
  Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.
• Multi-Domain Log Server
  Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS.
• Multi-Domain Server
  Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.
• Multi-Queue
  An acceleration feature on Security Gateway that configures more than one traffic queue for each network interface. Multi-Queue assigns more than one receive packet queue (RX Queue) and more than one transmit packet queue (TX Queue) to an interface. Multi-Queue is applicable only if SecureXL is enabled (this is the default). Acronym: MQ.
• Multi-Version Cluster
  The Multi-Version Cluster mechanism lets you synchronize connections between cluster members that run different versions. This lets you upgrade to a newer version without a loss in connectivity and lets you test the new version on some of the cluster members before you decide to upgrade the rest of the cluster members. Acronym: MVC.
N
• NAC
  Network Access Control. This is an approach to computer security that attempts to unify endpoint security technology (such as Anti-Virus, Intrusion Prevention, and Vulnerability Assessment), user or system authentication and network security enforcement. Check Point's Network Access Control solution is called Identity Awareness Software Blade.
• Network Object
  Logical object that represents different parts of corporate topology - computers, IP addresses, traffic protocols, and so on. Administrators use these objects in Security Policies.
• Network Objective
  Defines how the cluster will configure and monitor an interface - Cluster, Sync, Cluster+Sync, Monitored Private, Non-Monitored Private. Configured in SmartConsole > cluster object > 'Topology' pane > 'Network Objective'.
• Network Policy Management
  Check Point Software Blade on a Management Server to manage an on-premises environment with an Access Control and Threat Prevention policies.
• Non-Blocking Mode
  Cluster operation mode, in which Cluster Member keeps forwarding all traffic.
• Non-Dedicated Management Interface
  Shared physical interface on VSX Gateway or VSX Cluster Members (supported only in versions R80.40 and lower), which carries user "production" traffic and through which Check Point Security Management Server or Multi-Domain Server connects to VSX Gateway or VSX Cluster Members. Non-DMI configuration requires the use of a Virtual Router or Virtual Switch. Acronym: Non-DMI.
• Non-Monitored Interface
  An interface on a Cluster Member, whose Network Type was set as Private in SmartConsole, in cluster object.
• Non-Pivot
  A Cluster Member in the Unicast Load Sharing cluster that receives all packets from the Pivot Cluster Member.
• Non-Sticky Connection
  A connection is called non-sticky, if the reply packet returns via a different Cluster Member, than the original packet (for example, if network administrator has configured asymmetric routing). In Load Sharing mode, all Cluster Members are Active, and in Static NAT and encrypted connections, the Source and Destination IP addresses change. Therefore, Static NAT and encrypted connections through a Load Sharing cluster may be non-sticky.
O
• Observable
  Event or stateful property that can be observed in an operational cyber domain.
• Open Server
  Physical computer manufactured and distributed by a company, other than Check Point.
P
• Package Repository
  Collection of software packages that were uploaded to the Management Server. You can easily install these packages in SmartConsole on the managed Security Gateways.
• Packet Selection
  Distinguishing between different kinds of packets coming from the network, and selecting, which member should handle a specific packet (Decision Function mechanism): CCP packet from another member of this cluster; CCP packet from another cluster or from a Cluster; Member with another version (usually older version of CCP); Packet is destined directly to this member; Packet is destined to another member of this cluster; Packet is intended to pass through this Cluster Member; ARP packets.
• PDP
  Check Point Identity Awareness Security Gateway that acts as Policy Decision Point: acquires identities from identity sources; shares identities with other gateways.
• PEP
  Check Point Identity Awareness Security Gateway that acts as Policy Enforcement Point: receives identities via identity sharing; redirects users to Captive Portal.
• Permission Profile
  Predefined group of SmartConsole access permissions assigned to Domains and administrators. With this feature you can configure complex permissions for many administrators with one definition.
• Pingable Host
  Some host (that is, some IP address) that Cluster Members can ping during probing mechanism. Pinging hosts in an interface's subnet is one of the health checks that ClusterXL mechanism performs. This pingable host will allow the Cluster Members to determine with more precision what has failed (which interface on which member). On Sync network, usually, there are no hosts. In such case, if switch supports this, an IP address should be assigned on the switch (for example, in the relevant VLAN). The IP address of such pingable host should be assigned per this formula: IP_of_pingable_host = IP_of_physical_interface_on_member + ~10. Assigning the IP address to pingable host that is higher than the IP addresses of physical interfaces on the Cluster Members will give some time to Cluster Members to perform the default health checks. Example: IP address of physical interface on a given subnet on Member_A is 10.20.30.41; IP address of physical interface on a given subnet on Member_B is 10.20.30.42; IP address of pingable host should be at least 10.20.30.5
• Pivot
  A Cluster Member in the Unicast Load Sharing cluster that receives all packets. Cluster Virtual IP addresses are associated with Physical MAC Addresses of this Cluster Member. This Pivot Cluster Member distributes the traffic between other Non-Pivot Cluster Members.
• Policy Layer
  Layer (set of rules) in a Security Policy.
• Policy Package
  Collection of different types of Security Policies, such as Access Control, Threat Prevention, QoS, and Desktop Security. After installation, Security Gateways enforce all Policies in the Policy Package.
• Preconfigured Mode
  Cluster Mode, where cluster membership is enabled on all Cluster Members to be. However, no policy had been yet installed on any of the Cluster Members - none of them is actually configured to be primary, secondary, and so on. The cluster cannot function, if one Cluster Member fails. In this scenario, the "preconfigured mode" takes place. The preconfigured mode also comes into effect when no policy is yet installed, right after the Cluster Members came up after boot, or when running the 'cphaconf init' command.
• Predefined Report
  Default report included in a Check Point product that you can run right out of the box.
• Prevent
  UserCheck rule action that blocks traffic and files and can show a UserCheck message.
• Primary Multi-Domain Server
  The Multi-Domain Security Management Server in Management High Availability that you install as Primary.
• Primary Security Management Server
  The Security Management Server in Management High Availability that you install as Primary.
• Primary Up
  ClusterXL in High Availability mode that was configured as Switch to higher priority Cluster Member in the cluster object in SmartConsole: (1) Each Cluster Member is given a priority (SmartConsole > cluster object > 'Cluster Members' pane). Cluster Member with the highest priority appears at the top of the table, and Cluster Member with the lowest priority appears at the bottom of the table. (2) The Cluster Member with the highest priority will assume the Active state. (3) If the current Active Cluster Member with the highest priority (for example, Member_A), fails for some reason, or is rebooted, then failover occurs between Cluster Members. The Cluster Member with the next highest priority will be promoted to be Active (for example, Member_B). (4) When the Cluster Member with the highest priority (Member_A) recovers from a failure, or boots, then additional failover occurs between Cluster Members. The Cluster Member with the highest priority (Member_A) will be promoted to Active state (and Member_B will return to Standby state).
• Private Interface
  An interface on a Cluster Member, whose Network Type was set as 'Private' in SmartConsole in cluster object. This interface is not monitored by cluster, and failure on this interface will not cause any changes in Cluster Member's state.
• Probing
  If a Cluster Member fails to receive status for another member (does not receive CCP packets from that member) on a given segment, Cluster Member will probe that segment in an attempt to illicit a response. The purpose of such probes is to detect the nature of possible interface failures, and to determine which module has the problem. The outcome of this probe will determine what action is taken next (change the state of an interface, or of a Cluster Member).
• Provisioning
  Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM.
• PSL
  Passive Streaming Library. Packets may arrive at Security Gateway out of order, or may be legitimate retransmissions of packets that have not yet received an acknowledgment. In some cases, a retransmission may also be a deliberate attempt to evade IPS detection by sending the malicious payload in the retransmission. Security Gateway ensures that only valid packets are allowed to proceed to destinations. It does this with the Passive Streaming Library (PSL) technology. (1) The PSL is an infrastructure layer, which provides stream reassembly for TCP connections. (2) The Security Gateway makes sure that TCP data seen by the destination system is the same as seen by code above PSL. (3) The PSL handles packet reordering, congestion, and is responsible for various security aspects of the TCP layer, such as handling payload overlaps, some DoS attacks, and others. (4) The PSL is capable of receiving packets from the Firewall chain and from the SecureXL. (5) The PSL serves as a middleman between the various security applications and the network packets. It provides the applications with a coherent stream of data to work with, free of various network problems or attacks. (6) The PSL infrastructure is wrapped with well-defined APIs called the Unified Streaming APIs, which are used by the applications to register and access streamed data.
• PSLXL
  Technology name for combination of SecureXL and PSL (Passive Streaming Library) in versions R80.20 and higher. In versions R80.10 and lower, this technology was called PXL (PacketXL).
• Publisher PDP
  Check Point Identity Awareness Security Gateway that gets identities from an identity source/remote PDP and shares identities to a remote PDP. The Publisher PDP: (1) Initiates an HTTPS connection to the Subscriber PDP for each Identity to be shared (2) Verifies the CN and OU present in the subject field of the certificate presented (3) Verifies that the CA's certificate matches the certificate that was approved in advance by the administrator (4) Checks if the certificate presented is revoked (5) Shares identities including the information about user(s), machine(s) and Access Roles in the form of HTTP POST requests.
Q
• QoS
  Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.
• QoS Action Properties
  Properties that define bandwidth allocation, limits, and guarantees for a security rule.
R
• RDED
  Retransmit Detect Early Drop. The bottleneck that results from the connection of a LAN to the WAN causes TCP to retransmit packets. RDED prevents inefficiencies by detecting retransmits in TCP streams and preventing the transmission of redundant packets when multiple copies of a packet are concurrently queued on the same flow.
• Ready
  State of a Cluster Member during after initialization and before promotion to the next required state - Active / Standby / VRRP Master / VRRP Backup (depending on Cluster Mode). A Cluster Member in this state does not process any traffic passing through cluster. A member can be stuck in this state due to several reasons.
• Remote Access VPN
  An encrypted tunnel between remote access clients (such as Endpoint Security VPN) and a Security Gateway.
• Report
  Summary of network activity and Security Policy enforcement that is generated by Check Point products, such as SmartEvent.
• Route-Based VPN
  A routing method for participants in a VPN community, defined by network routes.
• Rule
  Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.
• Rule Base
  All rules configured in a given Security Policy. Synonym: Rulebase.
S
• Same VMAC
  Same Virtual MAC Address (see "VMAC"). When this feature is enabled in a ClusterXL (in the High Availability or Load Sharing Unicast mode), the Cluster Members use Virtual MAC (VMAC) addresses on the cluster interfaces instead of the real MAC addresses. Cluster interfaces that belong to the same subnet get the same VMAC address instead of their real MAC address. This feature helps avoid issues during the cluster operation, when switches block ports connected to the Cluster Members.
• Secondary Multi-Domain Server
  The Multi-Domain Security Management Server in Management High Availability that you install as Secondary.
• Secondary Security Management Server
  The Security Management Server in Management High Availability that you install as Secondary.
• SecureXL
  Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.
• Security Gateway
  Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.
• Security Management Server
  Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.
• Security Policy
  Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.
• Selection
  The packet selection mechanism is one of the central and most important components in the ClusterXL product and State Synchronization infrastructure for 3rd-party clustering solutions. Its main purpose is to decide (to select) correctly what has to be done to the incoming and outgoing traffic on the Cluster Member. (1) In ClusterXL, the packet is selected by Cluster Member(s) depending on the cluster mode: In HA modes - by Active member; In LS Unicast mode - by Pivot member; In LS Multicast mode - by all members. Then the Cluster Member applies the Decision Function (and the Cluster Correction Layer). (2) In 3rd-party / OPSEC cluster, the 3rd-party software selects the packet, and Check Point software just inspects it (and performs State Synchronization).
• Service Account
  In Microsoft® Active Directory, a user account created explicitly to provide a security context for services running on Microsoft® Windows® Server.
• SIC
  Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.
• Silent Standby
  In the ClusterXL High Availability mode, this feature configures the Standby cluster member to communicate only through the Active cluster member. This feature is useful when it is necessary to connect from Standby cluster members to a host / server on the network.
• Site to Site VPN
  An encrypted tunnel between two or more Security Gateways. Synonym: Site-to-Site VPN. Contractions: S2S VPN, S-to-S VPN.
• SmartConsole
  Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.
• SmartDashboard
  Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings.
• SmartEvent Correlation Unit
  SmartEvent software component on a SmartEvent Server that analyzes logs and detects events.
• SmartEvent Server
  Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database.
• SmartProvisioning
  Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM.
• SmartUpdate
  Legacy Check Point GUI client used to manage licenses and contracts in a Check Point environment.
• Software Blade
  Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities.
• Standalone
  Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server.
• Standby
  State of a Cluster Member that is ready to be promoted to Active state (if the current Active Cluster Member fails). Applies only to ClusterXL High Availability Mode.
• Standby Domain Server
  All Domain Management Servers for a Domain that are not designated as the Active Domain Management Server.
• Standby Security Management Server
  The Security Management Server in Management High Availability that is currently configured as Standby.
• State Synchronization
  Technology that synchronizes the relevant information about the current connections (stored in various kernel tables on Check Point Security Gateways) among all Cluster Members over Synchronization Network. Due to State Synchronization, the current connections are not cut off during cluster failover.
• Sticky Connection
  A connection is called sticky, if all packets are handled by a single Cluster Member (in High Availability mode, all packets reach the Active Cluster Member, so all connections are sticky).
• STIX
  Structured Threat Information eXpression™. A language that describes cyber threat information in a standardized and structured way.
• Subscriber PDP
  Check Point Identity Awareness Security Gateway that gets identities from a remote PDP. The Subscriber PDP: (1) Presents the configured SSL certificate to the Publisher PDP (2) Receives the information from the Publisher PDP after verifying the pre-shared secret in the POST requests.
• Subscribers
  User Space processes that are made aware of the current state of the ClusterXL state machine and other clustering configuration parameters. List of such subscribers can be obtained by running the 'cphaconf debug_data' command.
• Sync Interface
  An interface on a Cluster Member, whose Network Type was set as Sync or Cluster+Sync in SmartConsole in cluster object. This interface is monitored by cluster, and failure on this interface will cause cluster failover. This interface is used for State Synchronization between Cluster Members. The use of more than one Sync Interfaces for redundancy is not supported because the CPU load will increase significantly due to duplicate tasks performed by all configured Synchronization Networks. Synonyms: Secured Interface, Trusted Interface.
• Synchronization Network
  A set of interfaces on Cluster Members that were configured as interfaces, over which State Synchronization information will be passed (as Delta Sync packets ). The use of more than one Synchronization Network for redundancy is not supported because the CPU load will increase significantly due to duplicate tasks performed by all configured Synchronization Networks. Synonyms: Sync Network, Secured Network, Trusted Network.
• System Counter
  SmartView Monitor data or report on status, activity, and resource usage of Check Point products.
T
• Target Domain Management Server
  Domain Management Server on a Multi-Domain Server, on which you configured the objects of your Virtual Systems. In this case, object of your VSX Gateway or VSX Cluster are defined on a different Domain Management Server (Main Domain Management Server).
• Terminal Servers Identity Agent
  Dedicated client agent installed on Microsoft® Windows-based application server that hosts Terminal Servers, Citrix XenApp, and Citrix XenDesktop services. This client agent acquires and reports identities to the Check Point Identity Awareness Security Gateway. In the past, this client agent was called Multi-User Host (MUH) Agent. You can download the Terminal Servers Identity Agent from Support Center.
• Threat Emulation
  Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.
• Threat Emulation Private Cloud Appliance
  Check Point appliance that is certified to support the Threat Emulation Software Blade.
• Threat Extraction
  Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.
• ThreatCloud
  The cyber intelligence center of all of Check Point products. Dynamically updated based on an innovative global network of threat sensors and invites organizations to share threat data and collaborate in the fight against modern malware.
• ThreatCloud Repository
  Cloud database with more than 250 million Command and Control (C&C) IP, URL, and DNS addresses and over 2,000 different botnet communication patterns, used by the ThreatSpect engine to classify bots and viruses. See: https://www.checkpoint.com/infinity-vision/threatcloud/
• ThreatSpect Engine
  Unique multi-tiered engine that analyzes network traffic and correlates data across multiple layers (reputation, signatures, suspicious mail outbreaks, behavior patterns) to detect bots and viruses.
U
• Updatable Object
  Network object that represents an external service, such as Microsoft 365, AWS, Geo locations, and more.
• URL Filtering
  Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.
• User Database
  Check Point internal database that contains all users defined and managed in SmartConsole.
• User Directory
  Check Point Software Blade on a Management Server that integrates LDAP and other external user management servers with Check Point products and security solutions.
• User Group
  Named group of users with related responsibilities.
• User Template
  Property set that defines a type of user on which a security policy will be enforced.
• UserCheck
  Functionality in your Security Gateway or Cluster and endpoint clients that gives users a warning when there is a potential risk of data loss or security violation. This helps users to prevent security incidents and to learn about the organizational security policy.
V
• Virtual Device
  Logical object that emulates the functionality of a type of physical network object. Virtual Device can be on of these: Virtual Router, Virtual System, or Virtual Switch.
• Virtual Router
  Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical router. Acronym: VR.
• Virtual Switch
  Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical switch. Acronym: VSW.
• Virtual System
  Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS.
• Virtual System Load Sharing
  VSX Cluster technology that assigns Virtual System traffic to different Active Cluster Members. Acronym: VSLS.
• VMAC
  Virtual MAC Address. When this feature is enabled in a ClusterXL (in the High Availability or Load Sharing Unicast mode), the current Active or Pivot Cluster Member sends Gratuitous ARP Requests (G-ARP) for its Cluster Virtual IP (VIP) addresses and Virtual MAC (VMAC) addresses in G-ARP updates. Cluster Members create a VMAC address for each Cluster VIP address. This feature helps avoid issues during a cluster failover, when switches do not integrate G-ARP updates into their ARP cache table.
• VPN Community
  A named collection of VPN domains, each protected by a VPN gateway.
• VPN Tunnel
  An encrypted connection between two hosts using standard protocols (such as L2TP) to encrypt traffic going in and decrypt it coming out, creating an encapsulated network through which data can be safely shared as though on a physical private line.
• VSX
  Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.
• VSX Gateway
  Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.
W
• Warp Jump
  If two Virtual Systems connect to the same Virtual Switch or Virtual Router, then internally traffic that must pass from a network behind one Virtual System to a network behind another Virtual System, "jumps" from one Virtual System to another Virtual System without passing through the Virtual Switch or Virtual Router.
• Warp Link
  Logical interface that is created automatically in a VSX topology between: (1) Virtual System and Virtual Switch (2) Virtual System and Virtual Router. Acronym: WRP.
• WFQ
  Weighted Fair Queuing. An algorithm to precisely control bandwidth allocation in QoS.
• WFRED
  Weighted Flow Random Early Drop. A mechanism for managing the packet buffers of QoS. Adjusting automatically and dynamically to the network traffic situation, WFRED remains transparent to the user.
Z
• Zero Phishing
  Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.