FWZ, IPSec, and IKE
Previous versions of FireWall-1 supported a variety of key-management schemes. In NG, the only supported scheme is IKE. FireWall-1 NG FP1 and earlier also support the FWZ scheme, which Check Point deprecated in NG FP2. I briefly describe FWZ here mostly for historical reasons—its use is not described in this book.
FWZ
FWZ is Check Point's proprietary key-management system and has been available since Check Point made VPN technology part of FireWall-1 in version 2.0. FWZ incorporates the following:
A CA (a FireWall-1 management console)
Asymmetric encryption for the exchange of CA, DH, and per-session encryption keys
Symmetric encryption for actual data encryption using FWZ1, a proprietary Check Point algorithm that encrypts ...
Get Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.