Glossary
-
Anonymous Access - the network does not know the real identity of the mobile, opposite of non-anonymous access.
-
Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.
-
Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection. Synonym: Anti-Spam & Email Security. Acronyms: AS, ASPAM.
-
Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.
-
Access Point - entry point to an external network.
-
Access Point Name - the identifier of an external packet data network.
-
Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.
-
Log that contains administrator actions on a Management Server (login and logout, creation or modification of an object, installation of a policy, and so on).
-
A service that allows transmission of information signals between network interfaces. The bearer or data service is used to provide the same level of packet-forwarding treatment for user data as it travels across the network.
-
Border Gateway - a logical box that connects two (or more) operators together via Inter-PLMN backbone; protects operator's intra-PLMN network against intruders.
-
Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology.
-
Base Station System Application Part+ - the protocol between SGSN and MSC/VLR
-
Base Station System GPRS Protocol - the protocol between SGSN and BSS.
-
Channel Codec Unit - the functional element in BSS that handles low level GPRS control in radio.
-
Connection Less Network Service; similar to the IP protocol.
-
Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.
-
Security Gateway that is part of a cluster.
-
Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration.
-
Connection Oriented Network Service, similar to the X.25 protocol.
-
Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.
-
Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores.
-
On a Security Gateway with CoreXL enabled, the Firewall kernel is copied multiple times. Each replicated copy, or firewall instance, runs on one processing CPU core. These firewall instances handle traffic at the same time, and each firewall instance is a complete and independent firewall inspection kernel. Synonym: CoreXL FW Instance.
-
Secure Network Distributer. Part of CoreXL that is responsible for: Processing incoming traffic from the network interfaces; Securely accelerating authorized packets (if SecureXL is enabled); Distributing non-accelerated packets between Firewall kernel instances (SND maintains global dispatching table, which maps connections that were assigned to CoreXL Firewall instances). Traffic distribution between CoreXL Firewall instances is statically based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type. The CoreXL SND does not really "touch" packets. The decision to stick to a particular FWK daemon is done at the first packet of connection on a very high level, before anything else. Depending on the SecureXL settings, and in most of the cases, the SecureXL can be offloading decryption calculations. However, in some other cases, such as with Route-Based VPN, it is done by FWK daemon.
-
Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself.
-
Circuit Switched; opposite of packet switched.
-
Call Session Control Function. A set of roles for SIP servers or proxies that handle SIP signal packets in the IP Multimedia Subsystem (IMS).
-
Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway, on which the IP address of the external interface is assigned dynamically by the ISP.
-
Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.
-
A service that allows transmission of information signals between network interfaces. The bearer or data service is used to provide the same level of packet-forwarding treatment for user data as it travels across the network.
-
Classification of data in a Check Point Security Policy for the Content Awareness Software Blade.
-
An authentication, authorization and accounting protocol that has many features not included in the legacy RADIUS protocol.
-
Configuration in which the Check Point Security Gateway and the Security Management Server products are installed on different computers.
-
Discontinuous Reception - when MS receives intermittently.
-
Special object type, whose IP address is not known in advance. The Security Gateway resolves the IP address of this object in real time.
-
Enhanced Data-rates for GSM Evolution, a technology for enhancing GSM to deliver mobile data and multimedia services; an alternative to UTMS.
-
A single encrypted and authenticated tunnel through the operator network, reaching from the wireless device to the server. End-to-end security requires that the entire connection be IP-based; this can occur only in third-generation networks.
-
Check Point Software Blade on a Management Server to manage an on-premises Harmony Endpoint Security environment.
-
The name of the elevated command line shell that gives full system root permissions in the Check Point Gaia operating system.
-
A user data message, comprising a G-PDU and a GTP header.
-
Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.
-
The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).
-
Web interface for the Check Point Gaia operating system.
-
Interface between an SGSN and a BSS.
-
Interface between a GGSN and an HLR.
-
Interface between a SMS-GMSC and an SGSN, and between a SMS-IWMSC and an SGSN.
-
Interface between an SGSN and an EIR.
-
Gateway GSN (GPRS Support Node).
-
Reference point between GPRS and an external packet data network.
-
GPRS Mobility Management and Session Management - protocol stack between MS and SGSN that handles GPRS attach/detach, PDP context activation/deactivation, etc.
-
Interface between two GSNs within the same PLMN.
-
Interface between two GSNs in different PLMNs. The Gp interface allows support of GPRS network services across areas served by the co-operating GPRS PLMNs.
-
General Packet Radio System, a non-voice value-added service for faster data transactions over a mobile telephone network, designed for deployment on GSM and TDMA-based mobile networks. GPRS overlays a packet-based air interface on the existing switched network.
-
Interface between an SGSN and an HLR.
-
Interface between an SGSN and an MSC/VLR.
-
Global System for Mobile Communications (originally Groupe Speciale Mobile, hence the acronym) - a second generation time-division mobile network standard.
-
GPRS Support Node.
-
GPRS Tunnel Protocol.
-
In GTP version 0 GTP tunnel is defined by two associated PDP Contexts in different GSN nodes and is identified with a Tunnel ID. (1) In GTP version 1/2, a GTP tunnel in the GTP-C plane is defined for all PDP Contexts/sessions with the same PDP address and APN (for Tunnel Management messages), or for each MS (for messages not related to Tunnel Management). A GTP tunnel is identified in each node with a TEID, an IP address and a UDP port number. (2) In GTPv1 GTP tunnel in the GTP-U plane is defined for each PDP Context in the GSNs. While in GTPv2 a bearer is used. (3) In GTP version 2, a GTP-C tunnel is defined for all PDP sessions with same PDP address and TEID,For GTP-U plane traffic a Bearer is created. (4) In all versions, a GTP tunnel is necessary to forward packets between an external packet data network and an MS user.
-
Home location register - a central database that contains user-related and subscription-related information.
-
Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior.
-
Home Public Land Mobile Network - the home network.
-
High Speed Circuit Switched Data - a new GSM service for circuit switched connections.
-
High Speed Packet Access. An improved third generation mobile communication protocol that significantly enhances data transfer. It is a combination of two protocols: (1) HSUPA - High Speed Uplink Packet Access (2) HSDPA - High Speed Downlink Packet Access.
-
Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.
-
Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication.
-
Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.
-
Check Point Software Blade on a Management Server to view Identity Logs from the managed Security Gateways with enabled Identity Awareness Software Blade.
-
Information Element - a group of information which may be included within a signaling message or data flow.
-
Internet Engineering Task Force - Internet standardization organization.
-
International Mobile Subscriber Identity - a user's unique ID in GSM/GPRS networks.
-
Well standardized point in the GPRS standard that typically has multivendor capability; opposite of reference point.
-
Computers and resources protected by the Firewall and accessed by authenticated users.
-
Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).
-
Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access.
-
Internet Service Provider - an organization or operator that sells Internet access.
-
Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA.
-
An authentication server for Microsoft Windows Active Directory Federation Services (ADFS).
-
Logical Link Control - the protocol layer between MS and SGSN.
-
Dedicated Check Point server that runs Check Point software to store and process logs.
-
Check Point Software Blade on a Management Server to view Security Logs from the managed Security Gateways.
-
Long Term Evolution - a standard for wireless broadband communication for mobile devices and data terminals, based on the GSM/EDGE and UMTS/HSPA technologies. It increases the capacity and speed using a different radio interface together with core network improvements.
-
(1) Interface on a Gaia Security Gateway or Cluster member, through which Management Server connects to the Security Gateway or Cluster member. (2) Interface on Gaia computer, through which users connect to Gaia Portal or CLI.
-
Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.
-
Manual configuration of NAT rules by the administrator of the Check Point Management Server.
-
Management Information Base - a collection of managed objects defined by their attributes and visible to the network management system.
-
Mobility management element - in charge of mobility management in GTPv2
-
Multimedia Short Message Service - wireless service that transmits text, audio and video over WAP.
-
Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.
-
Mobile Station - a portable device that connects subscribers to a wireless network, for example a cellular phone or a laptop with a cellular modem.
-
Mobile Station International ISDN Number - the standard international telephone number used to identify a given subscriber.
-
Message Transfer Part layer 2 - S7 protocol layer 2.
-
Message Transfer Part layer 3 - SS7 protocol layer 3.
-
Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS.
-
Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.
-
Number of Bytes.
-
Number of Packets.
-
Logical object that represents different parts of corporate topology - computers, IP addresses, traffic protocols, and so on. Administrators use these objects in Security Policies.
-
Check Point Software Blade on a Management Server to manage an on-premises environment with an Access Control and Threat Prevention policies.
-
Network Service - the protocol layer between BSS and SGSN.
-
Network Service Access Point Identifier - an integer value in the range [0; 15], used in GTP V0/V1 versions for PDP Context identification in the MS and SGSN.
-
Network SubSystem - the network part of the network (in GPRS this means SGSN and GGSN).
-
Physical computer manufactured and distributed by a company, other than Check Point.
-
Packet TMSI - a packet system's temporary mobile's identity.
-
Packet Control Unit - functional element in BSS that handles upper level GPRS control in radio.
-
Personal Digital Assistant- a device that fits in hand and has limited services.
-
Packet Data Network - a network that carries user data in packets (for example, Internet and X.25)
-
Packet Data Protocol - a network protocol used by an external packet data network (usually IP).
-
The MS's address in the external packet data network, also called End User IP address.
-
Information sets held in MS and GSNs for a specific PDP address.
-
Protocol Data Unit - a packet.
-
Packet Data Network Gateway - an LTE support node.
-
Public Land Mobile Network.
-
Point-to-Point Protocol - a widely used protocol under IP to connect (for example, PC and ISP via modems).
-
Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM.
-
Public Switched Telephone Network. A collection of public circuit-switched telephone network, including telephone lines, fixed lines, microwave transmission links, cellular networks, and satellite communication.
-
Point To Multipoint - one sender, multiple receivers.
-
Point To Point- one sender, one receiver.
-
Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.
-
Reference point between a non-ISDN compatible TE and MT. Typically this reference point supports a standard serial interface.
-
Routing Area - a set of cells belonging to one group. RA is always a subset of a LA (location area).
-
Radio Link Control - A protocol between MS and BSS to handled retransmission and other radio related issues.
-
Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.
-
All rules configured in a given Security Policy. Synonym: Rulebase.
-
Interface between eNodeB and MM.
-
Interface between eNodeB and SGW.
-
Interface between SGSN and MME.
-
Interface between SGSN and SGW.
-
The interface between SGW to PGW on the HPLMN and between PLMNs
-
Stream Control Transmission Protocol, SCTP was defined as a transport protocol for SS7 messages to be transmitted over IP networks.
-
Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.
-
Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.
-
Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.
-
Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.
-
Serving GSN - a GPRS Support Node.
-
Serving Gateway - a LTE support node.
-
Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.
-
Serial Line IP protocol - a protocol similar to PPP.
-
Short Message Service Center - a computer that handles short messages.
-
Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.
-
Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings.
-
Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM.
-
Legacy Check Point GUI client used to manage licenses and contracts in a Check Point environment.
-
Short Message Service - A protocol enabling mobile phone users to send and receive short messages of up to 160 characters messages.
-
Short Message Service Gateway MSC - an MSC used to deliver data to/from SGSN.
-
Short Message Service Interworking MSC - an MSC used to deliver data to/from SGSN.
-
SubNetwork Dependent Convergence - The protocol layer between MS and SGSN.
-
SubNetwork Dependent Convergence Protocol - the protocol used in SNDC.
-
Simple Network Management Protocol runs over TCP/IP and is used to control and manage IP gateways and other network functions.
-
Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities.
-
Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server.
-
An original packet from an MS or a network node in an external packet data network.
-
Transaction Capabilities Application Part - SS7 protocol layer.
-
Terminal Equipment - typically a computer, host.
-
Tunnel End Point Identification - The GTP version 1 uni-directional tunnel identifier.
-
Traffic Flow Template, a packet filter list that sorts the packets coming into the GGSN to the correct PDP Context. Also allows some protocol security filtering.
-
Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.
-
Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.
-
Tunnel ID - the GTP version 0 GTP tunnel identifier. Consists of the user ID, or equivalent when Anonymous Access is used, and NSAPI.
-
Temporary Logical Link Identity - provides a signaling address for communication between the MS and the SGSN.
-
Radio interface between MS and the network.
-
Universal Mobile Telephone System, a third generation service (part of the IMT-2000 vision) that is expected to enable cellular service providers to deliver high-value broadband information, commerce and entertainment services to mobile users via fixed, wireless and satellite networks.
-
Network object that represents an external service, such as Microsoft 365, AWS, Geo locations, and more.
-
Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.
-
Check Point Software Blade on a Management Server that integrates LDAP and other external user management servers with Check Point products and security solutions.
-
Universal Mobile Telecommunications System. A third generation, packet-based, mobile cellular technology for networks based on the GSM standard.
-
Visited Public Land Mobile Network - the network where the MS is currently located.
-
Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.
-
Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.
-
Wireless Application Protocol, a standard wireless protocol specification, based on existing Internet standards such as XML and IP, that leverages HTTP and enables developers to use existing tools to produce scalable applications that deliver Internet content and advanced services to mobile phones and other wireless terminals.
-
Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.
A
B
C
D
E
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
Z