ITPRO

Printed from www.itpro.co.uk


EXCLUSIVE: Check Point UTM-1 1050

By Dave Mitchell, 11 Jun 2007

Price as reviewed: £6259 and up, exc VAT

Editor's choice

Check Point may have an enviable reputation in the network security arena but it has studiously avoided the mid-range and enterprise UTM appliance markets.

Until now, that is: it heralds its first assault with a family of three appliances, and in this exclusive review we look at the UTM-1 1050, which represents the middle ground in the range. It aims to deliver a similar level of features to Check Point's higher-end appliances but at a more affordable price, and although Check Point recommends a maximum of 500 users for the 1050, it actually has an unlimited user license.

The UTM-1 family pitches Check Point up against the likes of Cisco, Juniper, Fortinet and SonicWALL and offers a number of key differentiators. Centralized management comes as standard and the 1050 includes a license to manage three separate sites. More importantly, it doesn't require a separate appliance or any additional software to achieve this, as these features are built into the bundled SmartConsole software suite.

Along with the Eventia Reporter, which allows a wide range of custom reports to be created, you also get the SmartView Monitor. This provides real-time utilization statistics for all appliances, along with traffic graphs for areas such as the top services and destinations, plus graphical counters for functions including content inspection and firewall activity history.

There's more, as Check Point's browser-based SmartPortal offers quick access to all gateways, where you can easily see their status, monitor alerts and manage security policies.

At the appliance's foundation is Check Point's Firewall-1 which, along with SPI/NAT firewalling, has the ability to handle a wide range of applications including IM and P2P. On top of this you get IDS, IPS, anti-virus, an application firewall and support for both IPsec and SSL VPNs. The latter is another valuable feature, as a number of competing vendors only offer this as a separate appliance. Check Point's optional SmartDefense puts even more features into the melting pot, although it seems a bit harsh that you have to purchase this to get regular anti-virus signature updates. However, it still looks good value as it includes web content filtering, proactive protection against known and emerging vulnerabilities, and regularly updated security advisories and best practices. The UTM-1 appliances do not currently offer anti-spam services, although this is a feature Check Point is considering.

Initial installation starts by pointing a browser at the appliance's internal Ethernet port, where a quick start wizard gets you up and running. At this stage you'll probably just want to set up the LAN and WAN ports, but the wizard does offer options for all ports including the dedicated DMZ and extra LAN ports. You can also decide whether you want the appliance to be locally or remotely managed, which sets it up either as a SmartCenter server or configures it to contact another appliance running this service.

Check Point has thoughtfully stored the SmartCenter software on the appliance, from where it can be downloaded via the web interface. This installs the entire suite and your first port of call will be the SmartDashboard, where you'll need to define the various interfaces and set up your firewall rules. No wizards are provided, so from here on in you're faced with a fair amount of manual labour. Although the internal and external ports are activated during the setup phase, you need to tell the appliance which one is connected to the LAN and which one faces the Internet, and you also need to activate NAT on the latter.

Next up are firewall rules, although at this stage it's probably best to create your network objects, services, users and groups in the left pane, as these can be dragged and dropped directly into rules. The 1050 commendably defaults to blocking all traffic, but it was easy enough for us to create a firewall rule that allowed outbound traffic through but blocked unsolicited inbound traffic. Rules are placed in strict order of precedence, with each containing source and destination objects, services and time schedules. Logging can be activated individually for each rule, and traffic can be permitted, denied or dropped, or you can implement session or user authentication.
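A simplified model of the ordered rule base described above, added here as an illustration: it is not Check Point's rule format or code, and the rule names, addresses and field layout are assumptions. It shows first-match evaluation with a default drop, and flags a later rule that can never fire because an earlier, broader rule covers it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # source network (CIDR)
    dst: str       # destination network (CIDR)
    service: str   # e.g. "tcp/80", or "any"
    hours: range   # time schedule: hours of the day the rule is active
    action: str    # "permit", "deny" or "drop"

def matches(rule, src, dst, service, hour):
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.service in ("any", service)
            and hour in rule.hours)

def evaluate(rules, src, dst, service, hour):
    """Strict order of precedence: the first matching rule decides."""
    for rule in rules:
        if matches(rule, src, dst, service, hour):
            return rule.name, rule.action
    return "default", "drop"   # nothing matched: block, as the appliance does

def shadowed(rules):
    """Pairs (later, earlier) where the earlier rule covers all the later one matches."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.service in ("any", later.service)
                    and set(later.hours) <= set(earlier.hours)):
                found.append((later.name, earlier.name))
                break
    return found

ALL_DAY = range(24)
# Constructed rule base: the P2P block sits below a broader outbound permit.
RULES = [
    Rule("lan-outbound", "192.168.1.0/24", "0.0.0.0/0", "any", ALL_DAY, "permit"),
    Rule("block-p2p", "192.168.1.0/24", "0.0.0.0/0", "tcp/6881", ALL_DAY, "drop"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "192.168.1.10", "203.0.113.5", "tcp/6881", 10))
    print(evaluate(RULES, "203.0.113.5", "192.168.1.10", "tcp/22", 10))
    print(shadowed(RULES))
```

The model is stateless, so it does not represent the return traffic that stateful inspection allows for sessions already permitted outbound.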

The versatility of the Firewall-1 quickly becomes apparent, as you can use it to control different services: for IM and P2P apps you can let them through, log usage, or block file transfers, video or audio. No modifications are applied until policy changes have been installed, and you can select which appliances are to receive them.

With SmartDefense activated you get to play with the web content filters, which come courtesy of Websense - the new owners of SurfControl. You can pick and choose from forty URL categories and add your own network exceptions and black and white URL lists. Anti-virus scanning is configured from the same section and can be applied to web and mail traffic. CA's eTrust anti-virus scanner is used here and also provides options for scanning downloads and limiting mail attachment sizes. This dynamic duo performed very well during testing, with Websense blocking every dubious site we attempted to access whilst CA made short work of infected mail and web downloads. The base appliance also comes with over 100 spyware signatures, which worked well during testing, with the appliance stopping us from accessing known spyware sites and causing a warning web page to be loaded on our test client systems.

We like Check Point's SSL-VPN feature although this requires users and rules to be set up, the Visitor Mode activated, services declared as available to remote users and a pool of virtual IP addresses created. Clients then point their web browser at the appliance's WAN port where an SSL network extender is automatically downloaded. The Integrity security scanner is yet another valuable feature as it can be used to scan the client system to ensure it isn't harbouring any nasties before the tunnel is established.

We found the UTM-1 1050 a sophisticated UTM appliance with a wealth of security features on offer. Anti-spam is the only key component missing although few businesses use every feature on UTM appliances so we don't see this as a major issue. Pricewise, the 1050 compares very well with the main competition but Check Point's ace-in-the-hole is its centralised management package which comes as standard and doesn't require additional components to function.
