Check Point 1100 Appliance review

Check Point’s 1100 Appliance offers plug and play enterprise level security at an affordable price.

IT Pro Recommended
Price
£365
  • Simplified deployment; Good value; Software blades; Predefined security policies
  • Anti-spam blade is over-enthusiastic

Focusing on SMBs and branch offices, Check Point's 1100 Appliance replaces the UTM-1 Edge. Check Point has added a range of features and simplified installation. The 1100 is also compatible with the firm's extended range of security software blades.

The family comprises three models all using the same fan-less desktop appliance with each licensed for different throughputs. The base 1120 model with Check Point's full NGTP (next generation threat prevention) package has a firewall throughput of 750Mb/sec and is recommended for up to 10 users.

An 1140 license pushes throughput to 1Gb/sec and is good for 25 users while an 1180 license opens it up to 1.5Gb/sec and 50 users. If you find your 1120 isn't up to the job you can buy a new license and upgrade it to a faster model in situ.

The 1100 Appliance is almost identical to the lower-cost 600 Appliance with one exception. The 600 models can only be managed using a web browser whereas the 1100 can be managed individually or centrally using Check Point's SmartCenter Server software.

The appliance has ten Gigabit ports and supports optional 11n wireless and an ADSL2+ modem

Options and installation

The appliance has eight Gigabit ports for LAN duties with two more for WAN and DMZ functions. Our review model had the optional b/g/n wireless AP enabled and you can order one with an ADSL2+ modem as well.

The base model costs around 365 and comes with the NGFW (Next Generation Firewall) software package. This provides an SPI firewall, IPsec VPNs, mobile access security, Check Point's Identity Awareness blade and the Advanced Networking and Clustering (ADNC) blade for ISP redundancy, as well as QoS and application load balancing.

The full NGTP license adds IPS, application controls, URL filtering, anti-virus and anti-spam. As an example, an 1180 Appliance with a one-year NGTP subscription costs around 1,156 ex VAT.

The appliance's browser interface provides a quick start wizard which steps through setting up an Internet connection and deciding whether to centrally manage the appliance or run it in standalone mode. The LAN ports can be configured as an eight-port switch or as individual ports each with their own security policies.

The 1100 Appliance can be managed centrally or in standalone mode via a web browser

Ready to go

A complete set of security policies is already active so the appliance starts protecting your network straight away. The Security Dashboard offers a status view of the software blades with quick links to their configuration and performance graphs.

There's no need to mess about with firewall rules as you can pick from Standard or Strict policies with a single click. The Access Policy tab allows you to modify basic firewall settings such as blocked services and you can add details of mail, DNS, FTP and Citrix servers you want protected.

Application filtering has a predefined policy blocking high security risks, torrents and other P2P apps. The URL filtering blade also has a pre-set policy which blocks inappropriate content such as gambling sites.

You can't change the base URL filtering policy but you can add other undesirable applications and extra categories to it. With two clicks you can also apply rate limits to bandwidth hungry apps and log all blocked traffic.

The appliance's web interface is well designed and provides easy access to all software blades

Blade configuration

The blades are simple to configure as most have few settings. Along with automatic signature updates, the AV blade can be set to scan inbound and outbound web traffic and has options to add file types and exceptions.

Extra URL categories can be added to the default security policy and Check Point provides an extensive list with eleven entries just for Facebook activities. Along with custom policies, the QoS blade can automatically prioritise traffic such as VoIP and ensure VPN traffic gets a set percentage of bandwidth.

The user awareness blade links user names to machines allowing security policies to be applied to user identities. VPN support is excellent as remote workers can connect using Check Point's mobile desktop client, SSL VPNs, LT2P or via a Remote app for iOS and Android.

The optional wireless AP can be configured to provide guest access and secure wireless hotspots

Anti-spam and reporting

POP3 scanning is now included in the anti-spam blade and we tested this by leaving the appliance scanning live mail for two weeks and flagging the subject line of suspect messages. Detection rates were high as Check Point caught over 99 percent of spam.

False positive rates weren't so good, though, as of all the emails flagged by the appliance, 17 per cent were legitimate messages. As it's a managed service, you can't modify the spam scoring system and can set the blade to block the message or flag the email subject line or header.

The appliance can generate hourly, daily, weekly and monthly reports showing all network activity, top web categories, security threats and intrusion alerts. Each report also provides a bandwidth analysis and descriptions of events and application types but you can only print and not export them.

Conclusion

Check Point's 1100 Appliance offers a lot of classy network security features at an affordable price. It can be easily upgraded to keep in step with demand and the simple deployment and predefined security policies means it's virtually ready to go out of the box.

Verdict

The 1100 Appliance combines tough gateway security with extreme ease of use. It runs the same software blades as Check Point’s enterprise products, is great value and can be upgraded without hassle if required.

Chassis: Desktop Memory: 512MB Network: 10 x Gigabit (8 x LAN, WAN, DMZ) Ports: 2 x USB, RJ­45 console Other: SD Card slot, PCI­Express card slot Management: Web browser, SmartCenter Suite Power: External PSU Options: 802.11 b/g/n wireless, ADLS2+ modem Warranty: 1yr NBD exchange 

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021
Fujitsu taps Trend Micro to secure private 5G networks in smart factories
5G

Fujitsu taps Trend Micro to secure private 5G networks in smart factories

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021