To repeat the remote access VPN can be clientless and clientfull. Clientless is via ssl portal. From there client can access the most important resources via applets installed in the portal. If client want to use the clientfull VPN he has to have the client installed. He can download the client from the ssl portal. The clientfull VPN can be IPsec or SSL.
There are also a lot of another features in checkpoint like Smart Log, Smart Event, DLP, QoS, Desktop, IPS, Anti-Bot/Virus/Spam which you can check if you need on google 😀
Remote access VPN
If you enable the remote access vpn blade (mobile access) it alerts you that you dont have any so called „office mode IP pool“. Its the IP pool for remote users.
After you click OK wizzards POP to set up your remote access VPN. You can also change the settings int the FW configuration itself like you see in the picture above. Just go to „VPN Clients“ configuration.
Data Loss Prevention (DLP)
DLP is all about to not giving information that should not be publicly available like credit card numbers, etc. If you have PCI DSS customer and he has several milions of stored credit card numbers, you really dont want them to leak out to Internet.
Intrusion prevention system (IPS)
Checkpoint has a database of signatures so he can look into the packet, compare and see that its some kind of attack or malicious traffic. The signatures are constantly updated by checkpoint.
SmartLog must be firstly enabled on the global properties. You see the warning message that it will consume some more space but the logs will be indexed, yeah! 😉 On the left panel you can see all the predefined queries, when you click on star there are all the favorites queries for blades. If you want to search for everything related to some IP, you just put the IP to the search field.
It is correlating tool for all our alarms and events. This allows you to see the big picture overview of what really matters in our environment. The high-level alerts, the things should know and cover and that are very important to know about.
In smart event you can also directly implement countermeasures for security incidents, for example block the source address, etc…