The Check Point Software Next Generation Threat Prevention Appliances are the latest in a long line of security products from the vendor whose brand is synonymous with firewalls. Check Point has one of the best unified threat management approaches, providing solid products -- both for the high and low ends of the market -- with the essential features enterprises look for.
Check Point Software Technologies Ltd. sells 14 different models of its rather oddly named Next Generation Threat Prevention Appliances. Port counts range from 10 1 Gigabit Ethernet (GbE) ports on the smallest unit to 37 1 GbE and 12 10 GbE ports on the largest unit.
The rated firewall throughput of the devices ranges from 750 Mbps to 78 Gbps, which covers a lot of ground. Check Point also sells acceleration modules to push the higher-end rates to faster-rated throughputs.
Additionally, Check Point has a smaller model, called the UTM-1, that runs the same software but is suitable for small and branch offices. This is the latest version of a long line of Check Point UTMs that uses the company's "software blade" architecture, which is a fancy way of saying that it packages and bundles various features for network protection or Web-filtering appliances.
One of the things I like about Check Point's products is that the software architecture is the same whether an organization buys a high-end box or a small office box. That consistency not only eases management, but also allows an organization to put more faith in the product as a whole. It also offers a leading-edge user interface that is clean, easy to understand and has the best-looking and clearest menus of any of the boxes I have used. Its policy creation tools are also straightforward and it's easy to understand the inherent workflow, unlike the tools on Juniper's SRX or Dell's SonicWall. It also works well with mixed Mac and Windows networks.
By default, Check Point's appliance enables all of its ports on a single LAN switch, and you can define any port to be part of any network via its configuration software, so it is quite flexible. For the smaller boxes that have an integrated wireless access port, organizations can set up multiple SSIDs for the wireless interface with just a single policy selection. This is the easiest wireless configuration of any of the boxes I have tested. Check Point seems to have tried to cover all of the bases in terms of features and functionality for a wide range of network sizes and use cases.
Unlike Juniper, Check Point doesn't hide its advanced settings in a command-line interface. Instead, everything is accessible from its Web interface. If an enterprise needs extra features, such as setting up a failover link or changing the priority of a particular security policy, it isn't too hard to find the right menu option to accomplish the task.
Check Point also includes a connection to its ThreatCloud online reputation service-monitoring tool, allowing organizations to screen traffic for near-real-time malware detection.
Based on my previous testing of various Check Point appliances, they deliver both the protection features as well as the ease of configuration and use that enterprises would expect from a leading-edge UTM vendor.
Red flag warning: Product issues
The biggest issue for Check Point is its sheer number of different products. If you don't need every UTM security feature under the sun, you might be better off purchasing a more focused product that has fewer key features, such as a combination firewall and IPS. Equally complex is its support pricing. While its menus are clearly presented, there are some context changes on the left-hand menu when choosing top menu tabs that can be somewhat annoying at first.
Pricing on these units starts at $11,300 for basic software modules and can top $200,000 for the larger units. There are five different support packages, which include next business day or four-hour on-site response along with next-day air shipments of replacement parts and other options. If an organization has a customer account with Check Point already, it can configure its appliance with the right collection of software and support services. Adding high-availability service will up the price tag significantly too.
About the author:
David Strom is a freelance writer and former editor in chief of several information technology publications. He has written for many TechTarget properties since 2000. His blog can be found at strominator.com, and he is @dstrom on Twitter.
Author's note: The contributor does not have a paid relationship with any of the vendors mentioned in this article.