Check Point 2205 Appliance review
Tough security measures and plenty of optional upgrades, but can be complex to install and configure
Review Date: 7 Feb 2012
Reviewed By: Dave Mitchell
Price when reviewed: From £2,290 (£2,748 inc VAT)
Features & Design
Value for Money
Check Point’s 2200 desktop appliances are designed to bring enterprise-quality network security to SMBs and remote offices. Don’t be fooled by the compact dimensions, as they’re capable devices, complete with a firewall throughput of 3Gbits/sec.
Each model comes equipped with six Gigabit ports that can play at LAN, WAN or DMZ duties as required. It has a small cooling fan, but it’s very quiet and so can sit unobtrusively on the desktop.
A key feature is Check Point’s software “blades”: these allow the appliances to be upgraded with an extensive range of security measures. The entry-level 2205 model on review comes with firewall, IPsec VPN, identity awareness and mobile access security blades, to which you can add individual blades for IPS, application control, URL filtering, antivirus and anti-spam.
Installation starts by pointing a browser at the default management port, and running a quick-start wizard to get the network ports set up. For lab testing we like to have a DHCP server on the LAN side, but found that this could only be created from the CLI Sysconfig command.
The device is managed via the SmartConsole client, which installs a wide range of management and monitoring utilities. First port of call is the SmartDashboard tool, which provides a row of tabbed folders for each function.
The firewall blade defaults to blocking all traffic, and you create rules by defining network objects, services, users and groups in the left pane, dragging them directly into the relevant rule and applying an action. An object for the appliance is created, and selecting this takes you to its properties page to view and activate the various software blades.
The mobile access blade includes a five-user licence, and provides security for remote workers using PCs, laptops or mobile devices to access email and applications on the main network. A wizard creates SSL VPN portals, where you choose a local or remote authentication method such as AD or RADIUS, and decide which apps and resources users may access.
The identity awareness blade links usernames to machines, allowing security policies to be applied to user identities. Along with AD authentication, it can present a captive web portal for identity acquisition from users such as guests.
The optional application and URL filtering blade is worth considering since it now includes Check Point’s AppWiki feature, which provides a database of more than 4,500 Web 2.0 apps. Along with standard URL categories, these can be added to web-filtering policies, and include entries for nearly 250,000 social network widgets, and options to control and monitor specific Facebook activities.
The latest SmartConsole R75.20 includes a wealth of monitoring and reporting tools, and standalone appliances will have to double up as local storage for all logs. The SmartReporter tool presents quality reports on most security activities, although we found it wouldn’t report on the new URL filtering blade – this may not yet be implemented.
The 2205 offers a sophisticated range of security measures, and Check Point’s optional software blades provide plenty of upgrade options. It performed very well during testing, although the multitude of SmartConsole apps presents a steep learning curve, which makes it less suited to small businesses with limited IT expertise.
Author: Dave Mitchell
- Sony revives optical discs with 1TB Archival Disc
- IDC: iPad intertia opens door for Windows tablets
- Office 365 goes social with "Oslo" news feed
- Windows XP: upgrading 30,000 PCs in 30 days
- LibreOffice: ignore Microsoft's "nonsense" on government's open source plans
- Intel Xeon E7 v2 servers support 6TB of RAM
- Microsoft promises video calls between Skype and Lync
- Office for iPad due before July
- Windows 7 on business PCs gets an extension
- Windows apps land on Chromebooks with VMware
- CeBit 2014 diary: Cameron comes to town
- The 5 most interesting UK businesses at SXSW
- Quickest way to upload 1GB? Hop on a train
- Move over Delia: IBM Watson is cooking tonight
- Eric Schmidt on the double-edged smartphone: friend and foe
- Getty joins the race to the bottom
- Hour of Code: five steps to learn how to code
- Sony Xperia Z2 Tablet review: first look
- Sony Xperia Z2 review: first look
- Samsung Galaxy Gear 2 review: first look
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- Can Microsoft survive? The future of Office
- A real-world guide to business VoIP
- Sack your PA: how to stay on top of your work life
- Power lies with the internet giants, not the governments
- Software subscriptions return us to a life of servitude
- Headings vs headers: how to use both in Word
- Windows Server 2012 R2: how the Datacenter edition could change SMBs
- Invoices and VAT: how to set up your documents correctly
- Nexus 5 vs Samsung Galaxy S4 Active: the best phone for avoiding screen burn
- How much is a social user worth?
- The key to choosing a secure password
- Thunderbolt Bridge: a fast Mac migration tool
- Should you advertise on Twitter?
- How to track a lost smartphone
- Self-publishing success: the best way to sell your book