Check Point 2210 Appliance
Strengths: Good value, extensive selection of security measures, web security and anti-spam blades perform well, plenty of monitoring tools, easy to upgrade
Weaknesses: Deployment can be complex, reporting tools not perfect
Verdict: Offers SMEs a quality range of security measures at an affordable price, and Check Point’s software blades make it easy to customise to requirements
Check Point's new 2200 Appliance family is designed for SMEs that want affordable enterprise-level network security. They use the same software blades as the larger models, allowing them to be easily customised with only the required features. The 2210 has at its foundation Check Point's well-respected firewall, and this is partnered by blades for IPsec VPNs, identity awareness, mobile access security, clustering, IPS, application control, URL filtering, anti-virus and anti-spam.
Security policy management and logging are standard features across the family, and you can purchase extra blades as demand changes. The appliance has six Gigabit ports that can be configured for LAN, WAN, DMZ or dedicated management duties. It has claimed throughputs of 3Gbps for the firewall and 2Gbps with IPS enabled.
Installation starts at the web console, which fires up a wizard for setting up basic network parameters for the LAN and WAN ports. The console provides access to basic appliance settings and diagnostics, and the internal 250GB hard disk can also be used as an image repository for backing up entire configurations.
For testing in the lab we prefer to have the appliance provide DHCP services on the LAN, but this can only be set up from the CLI using the Sysconfig command. It's easy enough to do, though: you provide your subnet, address range and gateway, then enable the server.
To fully manage the appliance and create security policies you download Check Point's SmartConsole, which installs a wide range of management and monitoring utilities.
The firewall blocks all traffic by default and is configured using rules that contain source and destination objects, services, time schedules and logging options. For actions you can permit, deny or drop traffic and enforce user and session authentication within each rule. The identity awareness blade is a new addition and links user names to machines, so security policies can be applied to identities regardless of where users log in from. The mobile access blade secures access for remote workers.
It provides a wizard for creating SSL VPN portals that determine what resources and apps will be presented to the user. It also enforces authentication, either locally via the appliance or remotely using methods such as AD or RADIUS.
For URL filtering, Check Point has moved away from traditional URL category lists and now includes its AppWiki feature. This provides a database of 4,500 Web 2.0 apps, nearly 250,000 social network widgets and individual activities specifically for Facebook.
The SmartEvent utility provides a slick graphical interface where you can examine policy activity for security blades. A timeline displays an overview of events for up to one month, so you can quickly pinpoint any unusual behaviour. Spam activity can't be monitored from SmartEvent so you'll need to use the SmartReporter tool for this blade. It provides a wide range of reports for all blades and can be used to query other Check Point gateways as well.
Anti-spam reporting is the least impressive section as you get only one option, which is hidden in the Express report section and can only look back over the previous two weeks. We also found that some of the URL filtering reports wouldn't generate any data, and suspect they only work with Check Point's older legacy blade.