Check Point is adding extensible authentication protocol (EAP) support into its UTM-1 appliances, giving them the ability to enforce NAC policies for devices accessing wireless networks.

EAP support particularly applies to Wi-Fi networks protected by access points using the WPA Enterprise standard, enabling devices to use the security protocol to ensure sessions are protected.

Having EAP built in means users and devices can authenticate to access points using WPA Enterprise as well as 802.1x. The upgrade also includes an EAP authenticator that can play the role of a RADIUS server for authenticating users. This is particularly useful in branch offices where businesses might not want to support a separate server.

The authentication in conjunction with NAC can help control access of guests to these networks, making sure the access they get as a courtesy doesn’t also let them gain unfettered access to sensitive resources. It can also be used for employees to limit access as determined by business units.

Check Point is playing catch-up with this feature as it relates to NAC, but it is a useful one particularly in a unified threat management device. The devices that the features apply to are designed for branch offices. They have firewall throughput of 190Mbps and 100 VPN tunnels, and they range in price from $600 to $2,000.

The UTM features also include gateway antivirus and intrusion prevention software as well as centralized management.

The devices represent a way to introduce multiple security platforms into small offices where the cost might not otherwise justify deploying them.

Tim Greene is senior editor at Network World.