Check Point firewall becomes policy engine for post-admission NAC

* Check Point's VPN-1 NGX firewalls do more

Check Point this week is announcing that its firewall gear can now act as a policy engine for post-admission NAC.

Working in tandem with Intel vPro network interface cards, the VPN-1 NGX firewalls can scan deep within packets as they hit the firewall, and then direct the network interface card (NIC) to shut down network access for the offending machine.

This is in addition to the preadmission NAC that Check Point gear performs via its centrally managed client software, Integrity, which sits on each network endpoint. Integrity scans for antivirus software and patches and updates them if needed.

Integrity includes a personal firewall that can also shut down outbound traffic caused by Trojan horses and other malware, which is much the same as what the new pairing of VPN-1 and Intel vPro NICs will do.

But Check Point says that not all its firewall customers use Integrity, and that those customers may find it more convenient and cost-effective to use VPN-1 in tandem with the NICs, which they may be adding to their networks anyway as they upgrade desktops and laptops.

Check Point acknowledges that using the firewall and NIC protection may require installing more firewalls to protect key assets, but says that many customers are installing VPN-1 internally anyway.

In order to get the NICs to enforce security policies in accordance with the firewalls, customers have to write scripts for the devices to talk to one another. Check Point says that in later releases, a configuration tool with a GUI will eliminate the need to write those scripts.

This announcement gives Check Point a more flexible NAC portfolio that may fit better in some customer networks.

Copyright © 2007 IDG Communications, Inc.
