The evaluated Check Point Firewall-1 Version 4.0 is referred to as the Target of Evaluation (TOE). The TOE configuration consists of one physical component executing:
- One Firewall Module, which implements the Security Policy, logs events, and communicates with the Management Module;
- One Management Module, which manages the Firewall-1 database (the Rules Base, network objects, services, users, etc.); and
- The Windows NT Server 4.0 operating system with service pack 4 installed.
- Two network interfaces with one designated as internal and the other as external.
The Firewall-1 is a firewall employing a hybrid of application-level gateway and packet filtering techniques called Stateful Multilayer Inspection. The technology combines the performance and scalability of packet filtering with the security of an application gateway.

As an Application-level Firewall, the Firewall-1 mediates flows between clients and servers located on internal and external networks governed by the firewall. An application-level firewall may employ security servers to screen information flows. Security servers on the Firewall-1 for FTP and Telnet require client users to authenticate at the firewall before requests for such services can be authorised. Only valid requests are relayed to the actual server on either an internal or external network.

As a Traffic-filter Firewall, the Firewall-1 selectively routes information flows between an internal and an external network according to a site's security policy rules, the default policy being deny all. Only an authorised administrator has the authority to change the security policy rules. Traffic filtering decisions are made on the source address, destination address, transport level protocol, source port and destination port, and are based on the interface on which the packet arrives or goes out.

The Firewall-1 Inspection Engine applies full application-level security but doesn't permit packets to reach the operating system of the machine the firewall sits on. Additionally, the firewall imposes traffic-filtering controls on information flows mediated by the firewall.
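
The traffic-filter decision described above, sketched as an added example that is not Check Point code and does not use the Firewall-1 Rules Base format. The `Rule` and `Packet` types, the first-match ordering, the interface names and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = None  # wildcard: the rule does not constrain this attribute

@dataclass(frozen=True)
class Packet:  # hypothetical packet summary, not a Firewall-1 structure
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    in_if: str   # interface the packet arrives on
    out_if: str  # interface the packet would leave on

@dataclass(frozen=True)
class Rule:  # hypothetical rule format
    action: str
    src: str = ANY      # CIDR block
    dst: str = ANY      # CIDR block
    proto: str = ANY
    sport: range = ANY
    dport: range = ANY
    in_if: str = ANY
    out_if: str = ANY

def _net(addr, cidr):
    return cidr is ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def _eq(value, want):
    return want is ANY or value == want

def _port(port, allowed):
    return allowed is ANY or port in allowed

def matches(rule, pkt):
    """True only if every attribute the rule constrains agrees with the packet."""
    return (_net(pkt.src, rule.src) and _net(pkt.dst, rule.dst)
            and _eq(pkt.proto, rule.proto)
            and _port(pkt.sport, rule.sport) and _port(pkt.dport, rule.dport)
            and _eq(pkt.in_if, rule.in_if) and _eq(pkt.out_if, rule.out_if))

def decide(rules, pkt):
    for rule in rules:  # assumption: the first matching rule wins
        if matches(rule, pkt):
            return rule.action
    return "deny"  # default policy: deny all

# Constructed sample policy: outbound web from 10.0.0.0/8, inbound mail to one host.
RULES = [
    Rule("permit", src="10.0.0.0/8", proto="tcp", dport=range(80, 81), in_if="internal", out_if="external"),
    Rule("permit", dst="10.0.0.25/32", proto="tcp", dport=range(25, 26), in_if="external", out_if="internal"),
]
```

Because each rule is tied to an arrival interface, a packet that claims an internal source address but arrives on the external interface matches no permit rule and falls through to the default deny.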