Check Point's new VPN-1 Edge W touts wireless access support, better performance and a new print server, a combination that makes it a solid addition to the company's line of small security gateways. In this exclusive Clear Choice test, we focused on the features most attractive to enterprise network managers: wireless, VPN, QoS, high availability and management.

The Edge W - anchored with a scaled-down version of NG Version 5, Check Point's enterprise-class firewall - ships with six Ethernet ports, two wireless antennas and a serial port that can be used for console access or dial backup. One Ethernet port is dedicated for Internet outbound access, with the others assigned to other functions. The Edge W can support up to seven security and IP routing zones, or as many as 10 zones if you use 802.1q  virtual LAN tagging.

The most obvious addition to the Edge W is wireless support in the form of an embedded 802.11b/g access point with optional "Super G" mode (a derivative of the 54M bit/sec 802.11g standard that bonds channels together for higher throughput). Although the Edge W has solid security applied to the wireless network, with 802.1X, Wi-Fi Protected Access Personal (pre-shared key authentication) and WPA Enterprise (802.1X authentication) included, Check Point didn't go all-out on the wireless feature set. For example, the wireless connection cannot be used as an Internet up-link, and only a single Service Set Identifier and security zone is supported for wireless users. Advanced Encryption Standard encryption is not there yet.

While the Edge W's wireless security capabilities aren't impressive, what is included in the box works fine. We tested WPA Personal and WPA Enterprise features and had no problems connecting with Windows and Mac clients, or with our Funk Odyssey RADIUS server for 802.1X authentication (see How we did it at www.networkworld.com, DocFinder: 7322 ).

For basic configurations, a Web browser is sufficient to take the Edge W from "out of the box" to running the firewall within a few minutes. It's easy to jump into advanced configuration and define rules that control traffic flow, network address translation and QoS shaping in a simple and unified way. The Edge W also has a command line interface via the console port or a network connection.