Check Point and its hardware partners -- Crossbeam, IBM and Nokia-- each submitted different hardware platforms for this test running a common application: Check Point’s VPN-1 software. Likewise, we used Check Point’s Smart Center management system, running on a dedicated server, to manage and monitor all four sets of gateways.
Editor’s note: This is a summary of our testing of this product, for a full rundown of how it fared in our testing across ten UTM categories, please see our full coverage.
Check Point and its hardware partners -- Crossbeam, IBM, and Nokia-- each submitted different hardware platforms for this test running a common application: Check Point’s VPN-1 software. Likewise, we used Check Point’s Smart Center management system, running on a dedicated server, to manage and monitor all four sets of gateways.
Since the late 1990s, Check Point has been a leader in the firewall market, largely because of its superior management application. Early out of the gate with the right security model and the right approach, Check Point has dominated the enterprise firewall space and done well for its customers by continuing to build VPN and deep inspection features into their products.
VPN features continue to be a tremendous strength for Check Point as well. Its remote access VPN capabilities are the most sophisticated of any of the firewalls UTM products we tested, and site-to-site VPNs are also easily managed and monitored. In fact, it’s our opinion that Check Point has almost no competition when it comes to the creation and control of very large and very complex site-to-site VPNs.
We looked the current version of VPN-1 software in two basic configurations: one integrated with Nokia’s IPSO operating system, and the other running on Check Point’s own Linux-derived Secure Platform operating system. VPN-1 is the same firewall in both cases, though Nokia’s Voyager management system for such features as high availability, dynamic routing and appliance management is more sophisticated and flexible than CheckPoint’s equivalent Web-based GUI.
In our testing, we found that Check Point has lost some of the innovation and creativity obvious in its earlier versions VPN-1 firewall. While the features we examined, antivirus and intrusion prevention, are fully present in the VPN-1 firewall, we didn’t find them aimed at enterprise network manager in either their configurability or controls.
For example, the IPS policy is applied on a per-firewall basis, rather than a per-rule one as within a firewall. The result is very little granularity. This might have been appropriate in early versions of Check Point’s SmartDefense IPS, but it isn’t going to fly at this level. Similarly, antivirus parameters are applied not per firewall, but uniformly across all firewalls that have the feature enabled — there is no easy way to have more granular controls.
Check Point has also not integrated the concept of zones — a common feature in many of the other UTM firewalls we tested — into the VPN-1 firewall. Therefore, creating a policy and/or managing a firewall that has many zones of control becomes difficult. Whether the company intends it or not, Check Point management capabilities and feature set really drive the security architect to implementing a lot of smaller UTM firewalls rather than one large one. Check Point’s VPN-1 remains a leader in the firewall space, but by a thinner margin than ever before.
Learn more about this topic
Buyer's Guide: Unified threat managementCheck Point introduces next top security certification
06/04/07Check Point releases multifunction security box for SMBs
The FCC on Tuesday warned that it will no longer tolerate hotels, convention centers or others to...
Its cloud business is now half the size of Salesforce, and the gap is closing quickly.
Buyers of the earthly explanation for whatever fell from the sky in Roswell, N.M. back in 1947 are...
Sponsored by AT&T
Sponsored by Brocade
Amazon Web Services today launched a new product to its expansive service catalog in the cloud:...
Years in the making, network upgrade enables Florida county to improve services while saving a bundle
It wasn't just Apple's best quarter ever. It was the best quarter any company has ever had, ever.
Social Engineers work on multiple levels. The key to their success is to target human nature and...