Check Point and its hardware partners -- Crossbeam, IBM and Nokia-- each submitted different hardware platforms for this test running a common application: Check Point’s VPN-1 software. Likewise, we used Check Point’s Smart Center management system, running on a dedicated server, to manage and monitor all four sets of gateways.
Editor’s note: This is a summary of our testing of this product, for a full rundown of how it fared in our testing across ten UTM categories, please see our full coverage.
Check Point and its hardware partners -- Crossbeam, IBM, and Nokia-- each submitted different hardware platforms for this test running a common application: Check Point’s VPN-1 software. Likewise, we used Check Point’s Smart Center management system, running on a dedicated server, to manage and monitor all four sets of gateways.
Since the late 1990s, Check Point has been a leader in the firewall market, largely because of its superior management application. Early out of the gate with the right security model and the right approach, Check Point has dominated the enterprise firewall space and done well for its customers by continuing to build VPN and deep inspection features into their products.
VPN features continue to be a tremendous strength for Check Point as well. Its remote access VPN capabilities are the most sophisticated of any of the firewalls UTM products we tested, and site-to-site VPNs are also easily managed and monitored. In fact, it’s our opinion that Check Point has almost no competition when it comes to the creation and control of very large and very complex site-to-site VPNs.
We looked the current version of VPN-1 software in two basic configurations: one integrated with Nokia’s IPSO operating system, and the other running on Check Point’s own Linux-derived Secure Platform operating system. VPN-1 is the same firewall in both cases, though Nokia’s Voyager management system for such features as high availability, dynamic routing and appliance management is more sophisticated and flexible than CheckPoint’s equivalent Web-based GUI.
In our testing, we found that Check Point has lost some of the innovation and creativity obvious in its earlier versions VPN-1 firewall. While the features we examined, antivirus and intrusion prevention, are fully present in the VPN-1 firewall, we didn’t find them aimed at enterprise network manager in either their configurability or controls.
For example, the IPS policy is applied on a per-firewall basis, rather than a per-rule one as within a firewall. The result is very little granularity. This might have been appropriate in early versions of Check Point’s SmartDefense IPS, but it isn’t going to fly at this level. Similarly, antivirus parameters are applied not per firewall, but uniformly across all firewalls that have the feature enabled — there is no easy way to have more granular controls.
Check Point has also not integrated the concept of zones — a common feature in many of the other UTM firewalls we tested — into the VPN-1 firewall. Therefore, creating a policy and/or managing a firewall that has many zones of control becomes difficult. Whether the company intends it or not, Check Point management capabilities and feature set really drive the security architect to implementing a lot of smaller UTM firewalls rather than one large one. Check Point’s VPN-1 remains a leader in the firewall space, but by a thinner margin than ever before.
Learn more about this topic
Buyer's Guide: Unified threat managementCheck Point introduces next top security certification
06/04/07Check Point releases multifunction security box for SMBs
In what may be a first for the technology industry, RSA Conference 2015 next month apparently will be...
Website password strength meters, like a spouse asked to assess your haircut or outfit, often tell you...
With all the public cloud storage offerings on the market today, many vendors just want customers to...
Sponsored by AT&T
Sponsored by Brocade
Investors made a crowd around the cloud this week, investing $175 million in companies focused on...
The SDN project now has a security response team to quickly handle new vulnerability reports
Here's how many cybersecurity entry-level job seekers fail to make a great first impression.
As CIOs become overwhelmed by IT demands, chief data officers (CDOs) are stepping in to serve as a...