Check Point 2205 Appliance review
Tough security measures and plenty of optional upgrades, but can be complex to install and configure
Review Date: 7 Feb 2012
Reviewed By: Dave Mitchell
Price when reviewed: From £2,290 (£2,748 inc VAT)
Features & Design
Value for Money
Check Point’s 2200 desktop appliances are designed to bring enterprise-quality network security to SMBs and remote offices. Don’t be fooled by the compact dimensions, as they’re capable devices, complete with a firewall throughput of 3Gbits/sec.
Each model comes equipped with six Gigabit ports that can play at LAN, WAN or DMZ duties as required. It has a small cooling fan, but it’s very quiet and so can sit unobtrusively on the desktop.
A key feature is Check Point’s software “blades”: these allow the appliances to be upgraded with an extensive range of security measures. The entry-level 2205 model on review comes with firewall, IPsec VPN, identity awareness and mobile access security blades, to which you can add individual blades for IPS, application control, URL filtering, antivirus and anti-spam.
Installation starts by pointing a browser at the default management port, and running a quick-start wizard to get the network ports set up. For lab testing we like to have a DHCP server on the LAN side, but found that this could only be created from the CLI Sysconfig command.
The device is managed via the SmartConsole client, which installs a wide range of management and monitoring utilities. First port of call is the SmartDashboard tool, which provides a row of tabbed folders for each function.
The firewall blade defaults to blocking all traffic, and you create rules by defining network objects, services, users and groups in the left pane, dragging them directly into the relevant rule and applying an action. An object for the appliance is created, and selecting this takes you to its properties page to view and activate the various software blades.
The mobile access blade includes a five-user licence, and provides security for remote workers using PCs, laptops or mobile devices to access email and applications on the main network. A wizard creates SSL VPN portals, where you choose a local or remote authentication method such as AD or RADIUS, and decide which apps and resources users may access.
The identity awareness blade links usernames to machines, allowing security policies to be applied to user identities. Along with AD authentication, it can present a captive web portal for identity acquisition from users such as guests.
The optional application and URL filtering blade is worth considering since it now includes Check Point’s AppWiki feature, which provides a database of more than 4,500 Web 2.0 apps. Along with standard URL categories, these can be added to web-filtering policies, and include entries for nearly 250,000 social network widgets, and options to control and monitor specific Facebook activities.
The latest SmartConsole R75.20 includes a wealth of monitoring and reporting tools, and standalone appliances will have to double up as local storage for all logs. The SmartReporter tool presents quality reports on most security activities, although we found it wouldn’t report on the new URL filtering blade – this may not yet be implemented.
The 2205 offers a sophisticated range of security measures, and Check Point’s optional software blades provide plenty of upgrade options. It performed very well during testing, although the multitude of SmartConsole apps presents a steep learning curve, which makes it less suited to small businesses with limited IT expertise.
Author: Dave Mitchell
- Microsoft supercharges PowerPoint with Office Mix
- Microsoft and Nokia deal tweaked ahead of completion
- Microsoft slashes custom XP support price
- Ubuntu LTS Server 14.04 extends cloud support
- Intel: PC sales are "encouraging"
- Google to rank encrypted pages higher
- Heartbleed: the race to reissue security certificates
- Dropbox boosts app line-up with Carousel and Mailbox for Android
- BlackBerry CEO says not selling off phones "any time soon"
- Microsoft halts business downloads of Windows 8.1 Update
- Hello Cortana, it's nice to meet you
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- Can Microsoft survive? The future of Office
- A real-world guide to business VoIP
- Sack your PA: how to stay on top of your work life
- Power lies with the internet giants, not the governments
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy
- Raspberry Pi and Wolfram: a must-have for every child
- Could you get by with Office Web Apps?
- The best Android antivirus apps for 2014
- Headings vs headers: how to use both in Word