April 11, 2004
- Ease of Use:
- Value for Money:
- Overall Rating:
High availability and throughput with excellent management features.
Needs a separate workstation to manage the firewall software.
A versatile and flexible solution for the high end of the market.
With its dual power supplies and 2GB of main memory, this diskless device can be expanded from its base configuration of four 10/100 Base-T Ethernet ports to support up to 36 10/100 Base-T Ethernet ports and eight copper/fibre Gigabit ports. The system runs under Nokia's IPSO operating system and is administered using the comprehensive browser-based Voyager management interface. It uses Nokia's Accelerated Data Path (ADP) technology to increase throughput on established VPN tunnels. VPN services are provided by Check Point's Firewall-1 NG software, whose management software should be run on separate devices for maximum efficiency.
Configuring the device for VPN use is straightforward, although only half the story. The rest of the configuration process, establishing VPN parameters, defining connections and users, is carried out in the Check Point management interface. All the VPN-related operations are subject to the same stringent validation processes that control the firewall definitions, and you can ensure that logically invalid rules and configurations are not loaded into the device. This is a tried and tested procedure that produces sound configurations as well as the occasional error message.
The client software is Check Point's SecuRemote/SecureClient package, offering a number of modes and features for communication, security and management. Monitoring a system that has two separate management interfaces could be confusing at times, and the wealth of detail and options available can be overwhelming. On the other hand, everything is accessible, and the major functions of device management and firewall management can obviously be run on separate workstations and allocated to different teams if required.
There are advantages to separating things out in this way where large distributed networks are involved. Nokia's Voyager interface gives access to practically every aspect of the system's operation, including features that are often consigned to the command line interface on other systems.
The system did not produce any surprises during the port scanning process, and performance was extremely good.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Cyber-security must reflect risk not just regulation
- Met Police grab suspect with phone unlocked to get hold of data
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report