Check Point's Connectra

Powerful tool, but very Windows-centric.

Summary of Clear Choice Test of Check Point Connectra.

Data sheet for Check Point's Connectra
Starting price: $60,000 
Overall score: 3.3

This security powerhouse claimed its fame and fortune by building a better firewall, and the world beat a path to its door. Check Point has struggled to remain at the top by taking its innovative technologies, such as Smart Defense (an anomaly and behavior-based intrusion-detection technology), and incorporating them into other products.

Connectra, Check Point's SSL VPN, has been around since June 2004 and is already in its first major revision, is a good example. Taking a fairly bare-bones SSL VPN implementation and adding Smart Defense definitely gives Check Point an edge, especially given the poor state of end-point security implementation we saw in testing across the board (see end-point security test results). If you can't reliably scan to determine the security posture of the SSL VPN user's PC, at least you can protect the network at the SSL VPN device. If that approach resonates with you, or matches your security requirements, then Check Point is truly the best game in town at this juncture.

Unfortunately, Check Point has cut some corners with this release of Connectra. The most obvious is not including its own high-availability ClusterXL technology in the product (see results of high-availability testing). Also, having an incredible file browser is great, but having it work only in Internet Explorer with no fallback position for any other browser is not acceptable for an SSL VPN remote-access situation.

Check Point is also one of two vendors to fail our "kiosk" test, where we tried to log on from various public terminals. We found similar "our way or the highway" pieces, such as a requirement for ActiveX and Internet Explorer for its Integrity end-point security tool and very limited authentication management that might make Connectra a decent fit for the All-Windows, All Managed, All-Active Directory world. However, this strategy will need to embrace greater interoperability if Check Point hopes to take this product to the next level and go head-to-head with the market leaders (see results of application and client interoperability tests).

< Previous summary: Caymas | Next summary: F5 Networks >

Learn more about this topic

Check Point offers security appliances

12/05/05

Check Point expands SMB offerings

11/28/05

Check Point's VPN-1 Edge W security device picks up wireless support

05/30/05

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.