Glossary

A
• AA
  Anonymous Access - the network does not know the real identity of the mobile, opposite of non-anonymous access.
• Anti-Bot
  Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.
• Anti-Spam
  Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection. Synonym: Anti-Spam & Email Security. Acronyms: AS, ASPAM.
• Anti-Virus
  Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.
• AP
  Access Point - entry point to an external network.
• APN
  Access Point Name - the identifier of an external packet data network.
• Application Control
  Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.
• Audit Log
  Log that contains administrator actions on a Management Server (login and logout, creation or modification of an object, installation of a policy, and so on).
B
• Bearer
  A service that allows transmission of information signals between network interfaces. The bearer or data service is used to provide the same level of packet-forwarding treatment for user data as it travels across the network.
• BG
  Border Gateway - a logical box that connects two (or more) operators together via Inter-PLMN backbone; protects operator's intra-PLMN network against intruders.
• Bridge Mode
  Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology.
• BSSAP+
  Base Station System Application Part+ - the protocol between SGSN and MSC/VLR
• BSSGP
  Base Station System GPRS Protocol - the protocol between SGSN and BSS.
C
• CCU
  Channel Codec Unit - the functional element in BSS that handles low level GPRS control in radio.
• CLNS
  Connection Less Network Service; similar to the IP protocol.
• Cluster
  Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.
• Cluster Member
  Security Gateway that is part of a cluster.
• Compliance
  Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration.
• CONS
  Connection Oriented Network Service, similar to the X.25 protocol.
• Content Awareness
  Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.
• CoreXL
  Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores.
• CoreXL Firewall Instance
  On a Security Gateway with CoreXL enabled, the Firewall kernel is copied multiple times. Each replicated copy, or firewall instance, runs on one processing CPU core. These firewall instances handle traffic at the same time, and each firewall instance is a complete and independent firewall inspection kernel. Synonym: CoreXL FW Instance.
• CoreXL SND
  Secure Network Distributer. Part of CoreXL that is responsible for: Processing incoming traffic from the network interfaces; Securely accelerating authorized packets (if SecureXL is enabled); Distributing non-accelerated packets between Firewall kernel instances (SND maintains global dispatching table, which maps connections that were assigned to CoreXL Firewall instances). Traffic distribution between CoreXL Firewall instances is statically based on Source IP addresses, Destination IP addresses, and the IP 'Protocol' type. The CoreXL SND does not really "touch" packets. The decision to stick to a particular FWK daemon is done at the first packet of connection on a very high level, before anything else. Depending on the SecureXL settings, and in most of the cases, the SecureXL can be offloading decryption calculations. However, in some other cases, such as with Route-Based VPN, it is done by FWK daemon.
• CPUSE
  Check Point Upgrade Service Engine for Gaia Operating System. With CPUSE, you can automatically update Check Point products for the Gaia OS, and the Gaia OS itself.
• CS
  Circuit Switched; opposite of packet switched.
• CSCF
  Call Session Control Function. A set of roles for SIP servers or proxies that handle SIP signal packets in the IP Multimedia Subsystem (IMS).
D
• DAIP Gateway
  Dynamically Assigned IP (DAIP) Security Gateway is a Security Gateway, on which the IP address of the external interface is assigned dynamically by the ISP.
• Data Loss Prevention
  Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.
• Data Service
  A service that allows transmission of information signals between network interfaces. The bearer or data service is used to provide the same level of packet-forwarding treatment for user data as it travels across the network.
• Data Type
  Classification of data in a Check Point Security Policy for the Content Awareness Software Blade.
• Diameter
  An authentication, authorization and accounting protocol that has many features not included in the legacy RADIUS protocol.
• Distributed Deployment
  Configuration in which the Check Point Security Gateway and the Security Management Server products are installed on different computers.
• DRX
  Discontinuous Reception - when MS receives intermittently.
• Dynamic Object
  Special object type, whose IP address is not known in advance. The Security Gateway resolves the IP address of this object in real time.
E
• EDGE
  Enhanced Data-rates for GSM Evolution, a technology for enhancing GSM to deliver mobile data and multimedia services; an alternative to UTMS.
• End-to-End Security
  A single encrypted and authenticated tunnel through the operator network, reaching from the wireless device to the server. End-to-end security requires that the entire connection be IP-based; this can occur only in third-generation networks.
• Endpoint Policy Management
  Check Point Software Blade on a Management Server to manage an on-premises Harmony Endpoint Security environment.
• Expert Mode
  The name of the elevated command line shell that gives full system root permissions in the Check Point Gaia operating system.
G
• G-PDU
  A user data message, comprising a G-PDU and a GTP header.
• Gaia
  Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.
• Gaia Clish
  The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).
• Gaia Portal
  Web interface for the Check Point Gaia operating system.
• Gb
  Interface between an SGSN and a BSS.
• Gc
  Interface between a GGSN and an HLR.
• Gd
  Interface between a SMS-GMSC and an SGSN, and between a SMS-IWMSC and an SGSN.
• Gf
  Interface between an SGSN and an EIR.
• GGSN
  Gateway GSN (GPRS Support Node).
• Gi
  Reference point between GPRS and an external packet data network.
• GMM/SM
  GPRS Mobility Management and Session Management - protocol stack between MS and SGSN that handles GPRS attach/detach, PDP context activation/deactivation, etc.
• Gn
  Interface between two GSNs within the same PLMN.
• Gp
  Interface between two GSNs in different PLMNs. The Gp interface allows support of GPRS network services across areas served by the co-operating GPRS PLMNs.
• GPRS
  General Packet Radio System, a non-voice value-added service for faster data transactions over a mobile telephone network, designed for deployment on GSM and TDMA-based mobile networks. GPRS overlays a packet-based air interface on the existing switched network.
• Gr
  Interface between an SGSN and an HLR.
• Gs
  Interface between an SGSN and an MSC/VLR.
• GSM
  Global System for Mobile Communications (originally Groupe Speciale Mobile, hence the acronym) - a second generation time-division mobile network standard.
• GSN
  GPRS Support Node.
• GTP
  GPRS Tunnel Protocol.
• GTP Tunnel
  In GTP version 0 GTP tunnel is defined by two associated PDP Contexts in different GSN nodes and is identified with a Tunnel ID. (1) In GTP version 1/2, a GTP tunnel in the GTP-C plane is defined for all PDP Contexts/sessions with the same PDP address and APN (for Tunnel Management messages), or for each MS (for messages not related to Tunnel Management). A GTP tunnel is identified in each node with a TEID, an IP address and a UDP port number. (2) In GTPv1 GTP tunnel in the GTP-U plane is defined for each PDP Context in the GSNs. While in GTPv2 a bearer is used. (3) In GTP version 2, a GTP-C tunnel is defined for all PDP sessions with same PDP address and TEID,For GTP-U plane traffic a Bearer is created. (4) In all versions, a GTP tunnel is necessary to forward packets between an external packet data network and an MS user.
H
• HLR
  Home location register - a central database that contains user-related and subscription-related information.
• Hotfix
  Software package installed on top of the current software version to fix a wrong or undesired behavior, and to add a new behavior.
• HPLMN
  Home Public Land Mobile Network - the home network.
• HSCSD
  High Speed Circuit Switched Data - a new GSM service for circuit switched connections.
• HSPA
  High Speed Packet Access. An improved third generation mobile communication protocol that significantly enhances data transfer. It is a combination of two protocols: (1) HSUPA - High Speed Uplink Packet Access (2) HSDPA - High Speed Downlink Packet Access.
• HTTPS Inspection
  Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.
I
• ICA
  Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication.
• Identity Awareness
  Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.
• Identity Logging
  Check Point Software Blade on a Management Server to view Identity Logs from the managed Security Gateways with enabled Identity Awareness Software Blade.
• IE
  Information Element - a group of information which may be included within a signaling message or data flow.
• IETF
  Internet Engineering Task Force - Internet standardization organization.
• IMSI
  International Mobile Subscriber Identity - a user's unique ID in GSM/GPRS networks.
• Interface
  Well standardized point in the GPRS standard that typically has multivendor capability; opposite of reference point.
• Internal Network
  Computers and resources protected by the Firewall and accessed by authenticated users.
• IPS
  Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).
• IPsec VPN
  Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access.
• ISP
  Internet Service Provider - an organization or operator that sells Internet access.
J
• Jumbo Hotfix Accumulator
  Collection of hotfixes combined into a single package. Acronyms: JHA, JHF, JHFA.
K
• Kerberos
  An authentication server for Microsoft Windows Active Directory Federation Services (ADFS).
L
• LLC
  Logical Link Control - the protocol layer between MS and SGSN.
• Log Server
  Dedicated Check Point server that runs Check Point software to store and process logs.
• Logging & Status
  Check Point Software Blade on a Management Server to view Security Logs from the managed Security Gateways.
• LTE
  Long Term Evolution - a standard for wireless broadband communication for mobile devices and data terminals, based on the GSM/EDGE and UMTS/HSPA technologies. It increases the capacity and speed using a different radio interface together with core network improvements.
M
• Management Interface
  (1) Interface on a Gaia Security Gateway or Cluster member, through which Management Server connects to the Security Gateway or Cluster member. (2) Interface on Gaia computer, through which users connect to Gaia Portal or CLI.
• Management Server
  Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.
• Manual NAT Rules
  Manual configuration of NAT rules by the administrator of the Check Point Management Server.
• MIB
  Management Information Base - a collection of managed objects defined by their attributes and visible to the network management system.
• MME
  Mobility management element - in charge of mobility management in GTPv2
• MMS
  Multimedia Short Message Service - wireless service that transmits text, audio and video over WAP.
• Mobile Access
  Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.
• MS
  Mobile Station - a portable device that connects subscribers to a wireless network, for example a cellular phone or a laptop with a cellular modem.
• MS-ISDN
  Mobile Station International ISDN Number - the standard international telephone number used to identify a given subscriber.
• MTP2
  Message Transfer Part layer 2 - S7 protocol layer 2.
• MTP3
  Message Transfer Part layer 3 - SS7 protocol layer 3.
• Multi-Domain Log Server
  Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS.
• Multi-Domain Server
  Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.
N
• N-Byte
  Number of Bytes.
• N-PDU
  Number of Packets.
• Network Object
  Logical object that represents different parts of corporate topology - computers, IP addresses, traffic protocols, and so on. Administrators use these objects in Security Policies.
• Network Policy Management
  Check Point Software Blade on a Management Server to manage an on-premises environment with an Access Control and Threat Prevention policies.
• NS
  Network Service - the protocol layer between BSS and SGSN.
• NSAPI
  Network Service Access Point Identifier - an integer value in the range [0; 15], used in GTP V0/V1 versions for PDP Context identification in the MS and SGSN.
• NSS
  Network SubSystem - the network part of the network (in GPRS this means SGSN and GGSN).
O
• Open Server
  Physical computer manufactured and distributed by a company, other than Check Point.
P
• P-TMSI
  Packet TMSI - a packet system's temporary mobile's identity.
• PCU
  Packet Control Unit - functional element in BSS that handles upper level GPRS control in radio.
• PDA
  Personal Digital Assistant- a device that fits in hand and has limited services.
• PDN
  Packet Data Network - a network that carries user data in packets (for example, Internet and X.25)
• PDP
  Packet Data Protocol - a network protocol used by an external packet data network (usually IP).
• PDP address
  The MS's address in the external packet data network, also called End User IP address.
• PDP context
  Information sets held in MS and GSNs for a specific PDP address.
• PDU
  Protocol Data Unit - a packet.
• PGW
  Packet Data Network Gateway - an LTE support node.
• PLMN
  Public Land Mobile Network.
• PPP
  Point-to-Point Protocol - a widely used protocol under IP to connect (for example, PC and ISP via modems).
• Provisioning
  Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM.
• PSWT
  Public Switched Telephone Network. A collection of public circuit-switched telephone network, including telephone lines, fixed lines, microwave transmission links, cellular networks, and satellite communication.
• PTM
  Point To Multipoint - one sender, multiple receivers.
• PTP
  Point To Point- one sender, one receiver.
Q
• QoS
  Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.
R
• R
  Reference point between a non-ISDN compatible TE and MT. Typically this reference point supports a standard serial interface.
• RA
  Routing Area - a set of cells belonging to one group. RA is always a subset of a LA (location area).
• RLC
  Radio Link Control - A protocol between MS and BSS to handled retransmission and other radio related issues.
• Rule
  Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.
• Rule Base
  All rules configured in a given Security Policy. Synonym: Rulebase.
S
• S1-MME
  Interface between eNodeB and MM.
• S1-U
  Interface between eNodeB and SGW.
• S3
  Interface between SGSN and MME.
• S4
  Interface between SGSN and SGW.
• S5/S8
  The interface between SGW to PGW on the HPLMN and between PLMNs
• SCTP
  Stream Control Transmission Protocol, SCTP was defined as a transport protocol for SS7 messages to be transmitted over IP networks.
• SecureXL
  Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway.
• Security Gateway
  Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.
• Security Management Server
  Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.
• Security Policy
  Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.
• SGSN
  Serving GSN - a GPRS Support Node.
• SGW
  Serving Gateway - a LTE support node.
• SIC
  Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.
• SLIP
  Serial Line IP protocol - a protocol similar to PPP.
• SM-SC
  Short Message Service Center - a computer that handles short messages.
• SmartConsole
  Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.
• SmartDashboard
  Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings.
• SmartProvisioning
  Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM.
• SmartUpdate
  Legacy Check Point GUI client used to manage licenses and contracts in a Check Point environment.
• SMS
  Short Message Service - A protocol enabling mobile phone users to send and receive short messages of up to 160 characters messages.
• SMS-GMSC
  Short Message Service Gateway MSC - an MSC used to deliver data to/from SGSN.
• SMS-IWMSC
  Short Message Service Interworking MSC - an MSC used to deliver data to/from SGSN.
• SNDC
  SubNetwork Dependent Convergence - The protocol layer between MS and SGSN.
• SNDCP
  SubNetwork Dependent Convergence Protocol - the protocol used in SNDC.
• SNMP
  Simple Network Management Protocol runs over TCP/IP and is used to control and manage IP gateways and other network functions.
• Software Blade
  Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities.
• Standalone
  Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server.
T
• T-PDU
  An original packet from an MS or a network node in an external packet data network.
• TCAP
  Transaction Capabilities Application Part - SS7 protocol layer.
• TE
  Terminal Equipment - typically a computer, host.
• TEID
  Tunnel End Point Identification - The GTP version 1 uni-directional tunnel identifier.
• TFT
  Traffic Flow Template, a packet filter list that sorts the packets coming into the GGSN to the correct PDP Context. Also allows some protocol security filtering.
• Threat Emulation
  Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.
• Threat Extraction
  Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.
• TID
  Tunnel ID - the GTP version 0 GTP tunnel identifier. Consists of the user ID, or equivalent when Anonymous Access is used, and NSAPI.
• TLLI
  Temporary Logical Link Identity - provides a signaling address for communication between the MS and the SGSN.
U
• Um
  Radio interface between MS and the network.
• UMTS
  Universal Mobile Telephone System, a third generation service (part of the IMT-2000 vision) that is expected to enable cellular service providers to deliver high-value broadband information, commerce and entertainment services to mobile users via fixed, wireless and satellite networks.
• Updatable Object
  Network object that represents an external service, such as Microsoft 365, AWS, Geo locations, and more.
• URL Filtering
  Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.
• User Directory
  Check Point Software Blade on a Management Server that integrates LDAP and other external user management servers with Check Point products and security solutions.
• UTMS
  Universal Mobile Telecommunications System. A third generation, packet-based, mobile cellular technology for networks based on the GSM standard.
V
• VPLMN
  Visited Public Land Mobile Network - the network where the MS is currently located.
• VSX
  Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.
• VSX Gateway
  Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.
W
• WAP
  Wireless Application Protocol, a standard wireless protocol specification, based on existing Internet standards such as XML and IP, that leverages HTTP and enables developers to use existing tools to produce scalable applications that deliver Internet content and advanced services to mobile phones and other wireless terminals.
Z
• Zero Phishing
  Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.