Software firewalls have lost favour recently because they require more administrative time in order to secure the underlying operating system. Additionally, the increasing use of virtual private networks (VPNs) has led to the need for faster performance, something that cannot easily be achieved by a software solution. To alleviate these problems, Check Point Software Technologies began offering its Firewall-1 and VPN-1 software on a Nokia appliance, naming the combination the VPN-1 Appliance.
Check Point offers three versions of the VPN-1 Appliance. The VPN-1 Appliance 330 is an entry-level product for small businesses. The VPN-1 Appliance 440 and 650 are more powerful and contain fault-tolerant hardware components and expandable interfaces that are ideal for larger, more complex environments. The 650 model provides more high-availability features than the 440, such as hot-swappable network interface cards, making it a better choice for mission-critical applications.
We tested the VPN-1 Appliance 440, which is an enterprise-class firewall and VPN. It is powerful and flexible in policy configuration, though more complex than some of the newer appliance products such as Netscreen. The management GUI is one of the best available. It is very detailed in its logging of all network activity passing through its interfaces, providing administrators with concise yet thorough information about security events.
For deployment and configuration, Check Point's VPN-1 Appliance 440 requires someone with a fair amount of security knowledge. To this end, Check Point provides extensive training classes and certifications to help with the processes. Although this firewall/VPN appliance is not the most efficient or the most cost-effective solution available, its extensive logging capability and management GUI make it deserving of a four-star rating.
Installing and configuring the Check Point VPN-1 Appliance was a little more difficult than configuring the Netscreen product. Many of the problems we had concerned licensing issues, namely getting the appropriate licenses installed on the appliance so it would function properly. Configuring basic outbound connectivity and remote access VPNs also took a little longer. But once we became familiar with the Check Point Management GUI, things ran more smoothly.
Check Point products are not always the cheapest solutions available. Often they are the most expensive because Check Point bases its licences on the number of IP addresses protected by the firewall. The company's VPN-1 Appliances are no exception. Furthermore, features such as VPN acceleration and quality of service (QoS) are available as separate modules for an additional cost. Most firewall/VPN appliances include these features.
One advantage of going with Check Point, however, is its Open Platform for Security (OPSEC) partner program, a one-stop shop for integrated security solutions, including intrusion detection, content security, user authentication and authorisation, high availability, and event reporting.
Another plus with Check Point is the option to purchase SecureClient, a personal firewall that can be used to protect internal and remote access systems and can be controlled from the Check Point management console. This greatly helps administrators by providing one central management point for all firewall policies, both enterprise and remote access policies.
The Bottom Line: 4 Stars
VPN-1 Appliance 440
Business Case: Although you pay a premium for Check Point products, you get first-rate security. This enterprise-class firewall/VPN appliance lowers administrative costs by providing a central management point for all firewall policies.
Technology Case: In conjunction with other Check Point products, this VPN-1 Appliance can help provide a highly integrated, enterprise-wide security solution, allowing security administrators to avoid becoming experts in solutions from multiple vendors.
Pros:
- First-rate GUI for centralised management
- OPSEC partner program
- Flexible configuration
- Informative logging
Cons:
- Licensing based on number of IP addresses
- Unusually complex configuration
Platforms: Windows 9x, Windows NT.
Price: More information is available on the Web site: www.checkpoint.com