Check Point and its hardware partners -- Crossbeam, IBM and Nokia-- each submitted different hardware platforms for this test running a common application: Check Point’s VPN-1 software. Likewise, we used Check Point’s Smart Center management system, running on a dedicated server, to manage and monitor all four sets of gateways.
Editor’s note: This is a summary of our testing of this product, for a full rundown of how it fared in our testing across ten UTM categories, please see our full coverage.
Check Point and its hardware partners -- Crossbeam, IBM, and Nokia-- each submitted different hardware platforms for this test running a common application: Check Point’s VPN-1 software. Likewise, we used Check Point’s Smart Center management system, running on a dedicated server, to manage and monitor all four sets of gateways.
Since the late 1990s, Check Point has been a leader in the firewall market, largely because of its superior management application. Early out of the gate with the right security model and the right approach, Check Point has dominated the enterprise firewall space and done well for its customers by continuing to build VPN and deep inspection features into their products.
VPN features continue to be a tremendous strength for Check Point as well. Its remote access VPN capabilities are the most sophisticated of any of the firewalls UTM products we tested, and site-to-site VPNs are also easily managed and monitored. In fact, it’s our opinion that Check Point has almost no competition when it comes to the creation and control of very large and very complex site-to-site VPNs.
We looked the current version of VPN-1 software in two basic configurations: one integrated with Nokia’s IPSO operating system, and the other running on Check Point’s own Linux-derived Secure Platform operating system. VPN-1 is the same firewall in both cases, though Nokia’s Voyager management system for such features as high availability, dynamic routing and appliance management is more sophisticated and flexible than CheckPoint’s equivalent Web-based GUI.
In our testing, we found that Check Point has lost some of the innovation and creativity obvious in its earlier versions VPN-1 firewall. While the features we examined, antivirus and intrusion prevention, are fully present in the VPN-1 firewall, we didn’t find them aimed at enterprise network manager in either their configurability or controls.
For example, the IPS policy is applied on a per-firewall basis, rather than a per-rule one as within a firewall. The result is very little granularity. This might have been appropriate in early versions of Check Point’s SmartDefense IPS, but it isn’t going to fly at this level. Similarly, antivirus parameters are applied not per firewall, but uniformly across all firewalls that have the feature enabled — there is no easy way to have more granular controls.
Check Point has also not integrated the concept of zones — a common feature in many of the other UTM firewalls we tested — into the VPN-1 firewall. Therefore, creating a policy and/or managing a firewall that has many zones of control becomes difficult. Whether the company intends it or not, Check Point management capabilities and feature set really drive the security architect to implementing a lot of smaller UTM firewalls rather than one large one. Check Point’s VPN-1 remains a leader in the firewall space, but by a thinner margin than ever before.
Learn more about this topic
Buyer's Guide: Unified threat managementCheck Point introduces next top security certification
06/04/07Check Point releases multifunction security box for SMBs
Remember when you ditched Firefox for Chrome and pinkie-swore you’d never go back? Yeah, me too. But...
Kansas Heart Hospital was hit with a ransomware attack. It paid the ransom, but then attackers tried to...
The Internet of Things is predicted to grow to a $1.4 trillion market by 2020, which means there are...
It's a big breakthrough in wireless connectivity, but don't let MU-MIMO's limitations catch you...
Some debates remain, including what operating system will run under container applications
The Wi-Fi Alliance recently announced a new IEEE specification, 802.11ah, developed explicitly for the...
Examining the perceived disadvantages and the significant truths about automation’s role in cyber...