EXCLUSIVE: Check Point UTM-1 1050

Editor's Choice
Price
£6,259

Check Point may have an enviable reputation in the network security arena but it has studiously avoided the mid-range and enterprise UTM appliance markets.

Until now that is, as it heralds its first assault with a family of three appliances and in this exclusive review we look at the UTM-1 1050 which represents the middle ground in the range. It aims to deliver a similar level of features as Check Point's higher-end appliances but at a more affordable price and although Check Point recommends a maximum of 500 users for the 1050, it actually has an unlimited user license.

The UTM-1 family pitches Check Point up against the likes of Cisco, Juniper, Fortinet and SonicWALL and offers a number of key differentiators. Centralized management comes as standard and the 1050 includes a license to manage three separate sites. More importantly, it doesn't require a separate appliance or any additional software to achieve this as these features are built in to the bundled SmartConsole software suite.

Along with the Eventia Reporter which allows a wide range of custom reports to be created you also get the SmartView Monitor. This provides real-time statistics on utilization for all appliances along with traffic graphs for areas such as the top services and destinations plus graphical counters for functions including content inspection and firewall activity history.

There's more as Check Point's browser-based SmartPortal offers quick access to all gateways where you can easily see their status, monitors alerts and manage security policies.

At the appliance's foundation is Check Point's Firewall-1 which, along with SPI/NAT firewalling, has the ability to handle a wide range of applications including IM and P2P. On top of this you get IDS, IPS, anti-virus, an application firewall and support for both IPsec and SSL VPNs. The latter is another valuable feature as a number of competing vendors only offer this as a separate appliance. Check Point's optional SmartDefense puts even more features into the melting pot although it seems a bit harsh that you have to purchase this to get regular anti-virus signature updates. However, is still looks good value as it includes web content filtering, proactive protection against known and emerging vulnerabilities and regularly updated security advisories and best practices. The UTM-1 appliances do not currently offer anti-spam services although this is a feature Check Point is considering.

Initial installation starts by pointing a browser at the appliance's internal Ethernet port where a quick start wizard gets you up and running. At this stage you'll probably just want to set up the LAN and WAN ports but the wizard does offer options for all ports including the dedicated DMZ and extra LAN ports. You can also decide whether you want the appliance to be locally or remotely managed which sets it up either as a SmartCenter server or configures it to contact another appliance running this service. Check Point has thoughtfully stored the SmartCenter software on the appliance from where it can be downloaded via the web interface. This installs the entire suite and your first port of call will be the SmartDashboard where you'll need to define the various interfaces and set up your firewall rules. No wizards are provided so from here on in you're faced with a fair amount of manual labour. Although the internal and external ports are activated during the setup phase you need to tell the appliance which one is connected to the LAN and which one faces the Internet and you also need to activate NAT on the latter as well.

Next up are firewall rules although at this stage it's probably best to create your network objects, services, users and groups in the left pane as these can be dragged and dropped directly into rules. The 1050 commendably defaults to blocking all traffic but it was easy enough for us to create a firewall rule that allowed outbound traffic through but blocked unsolicited inbound traffic. Rules are placed in strict order of precedence with each containing sources and destination objects, services and time schedules. Logging can be activated individually and traffic can be permitted, denied or dropped or you can implement session or user authentication.

We like Check Point's SSL-VPN feature although this requires users and rules to be set up, the Visitor Mode activated, services declared as available to remote users and a pool of virtual IP addresses created. Clients then point their web browser at the appliance's WAN port where an SSL network extender is automatically downloaded. The Integrity security scanner is yet another valuable feature as it can be used to scan the client system to ensure it isn't harbouring any nasties before the tunnel is established.

We found the UTM-1 1050 a sophisticated UTM appliance with a wealth of security features on offer. Anti-spam is the only key component missing although few businesses use every feature on UTM appliances so we don't see this as a major issue. Pricewise, the 1050 compares very well with the main competition but Check Point's ace-in-the-hole is its centralised management package which comes as standard and doesn't require additional components to function.

Verdict

Anti-spam isn't on the check list but the 1050 is still a powerful UTM appliance offering some very tough security measures plus excellent management facilities as standard and all at a competitive price.

1U rack chassis 2.93GHz Celeron D 341 2GB 533MHz unbuffered SDRAM 80GB IDE hard disk 4 x Gigabit Ethernet 4 x Fast Ethernet 2 x USB ports 1Gbps firewall throughput Supports IPsec and SSL VPNs SmartConsole software suite bundled Options: appliance with annual SmartDefense subscription - £7,911 exc VAT

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

The ultimate guide to landing a cyber security career
Careers & training

The ultimate guide to landing a cyber security career

30 Sep 2020
8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Nokia will replace Huawei as BT's largest 5G equipment provider
5G

Nokia will replace Huawei as BT's largest 5G equipment provider

29 Sep 2020