Check Point 2205 Appliance review
Tough security measures and plenty of optional upgrades, but can be complex to install and configure
Review Date: 7 Feb 2012
Reviewed By: Dave Mitchell
Price when reviewed: From £2,290 (£2,748 inc VAT)
Features & Design
Value for Money
Check Point’s 2200 desktop appliances are designed to bring enterprise-quality network security to SMBs and remote offices. Don’t be fooled by the compact dimensions, as they’re capable devices, complete with a firewall throughput of 3Gbits/sec.
Each model comes equipped with six Gigabit ports that can play at LAN, WAN or DMZ duties as required. It has a small cooling fan, but it’s very quiet and so can sit unobtrusively on the desktop.
A key feature is Check Point’s software “blades”: these allow the appliances to be upgraded with an extensive range of security measures. The entry-level 2205 model on review comes with firewall, IPsec VPN, identity awareness and mobile access security blades, to which you can add individual blades for IPS, application control, URL filtering, antivirus and anti-spam.
Installation starts by pointing a browser at the default management port, and running a quick-start wizard to get the network ports set up. For lab testing we like to have a DHCP server on the LAN side, but found that this could only be created from the CLI Sysconfig command.
The device is managed via the SmartConsole client, which installs a wide range of management and monitoring utilities. First port of call is the SmartDashboard tool, which provides a row of tabbed folders for each function.
The firewall blade defaults to blocking all traffic, and you create rules by defining network objects, services, users and groups in the left pane, dragging them directly into the relevant rule and applying an action. An object for the appliance is created, and selecting this takes you to its properties page to view and activate the various software blades.
The mobile access blade includes a five-user licence, and provides security for remote workers using PCs, laptops or mobile devices to access email and applications on the main network. A wizard creates SSL VPN portals, where you choose a local or remote authentication method such as AD or RADIUS, and decide which apps and resources users may access.
The identity awareness blade links usernames to machines, allowing security policies to be applied to user identities. Along with AD authentication, it can present a captive web portal for identity acquisition from users such as guests.
The optional application and URL filtering blade is worth considering since it now includes Check Point’s AppWiki feature, which provides a database of more than 4,500 Web 2.0 apps. Along with standard URL categories, these can be added to web-filtering policies, and include entries for nearly 250,000 social network widgets, and options to control and monitor specific Facebook activities.
The latest SmartConsole R75.20 includes a wealth of monitoring and reporting tools, and standalone appliances will have to double up as local storage for all logs. The SmartReporter tool presents quality reports on most security activities, although we found it wouldn’t report on the new URL filtering blade – this may not yet be implemented.
The 2205 offers a sophisticated range of security measures, and Check Point’s optional software blades provide plenty of upgrade options. It performed very well during testing, although the multitude of SmartConsole apps presents a steep learning curve, which makes it less suited to small businesses with limited IT expertise.
Author: Dave Mitchell
- Microsoft yanks Windows 8.1 update after crash reports
- Microsoft backtracks on blocking out-of-date Java
- Gartner: time to start planning your Windows 7 upgrade
- Still on IE8? You've got 18 months to upgrade
- Who's buying Chromebooks? American schools
- Microsoft targets Windows in next Patch Tuesday
- Microsoft to block old ActiveX controls in security push
- Samsung and Apple call off all legal disputes, except in the US
- Microsoft ordered to hand over European data
- Will the next Windows 8.1 update arrive next month?
- 20 years of PC Pro: our greatest review mistakes
- 20 years of PC Pro: our first A-List
- Wikipedia's "right to be forgotten" protest hits the wrong note
- 3D printing hits the high street for plastic selfies
- 20 years of PC Pro: What amazed us in our first issue
- How Google Glass ruined my lunch hour
- Smartphone battery packs: can a USB power pack beat the festival battery blues?
- Windows Easy Transfer – not so "easy" in Windows 8.1
- Formula 1: what a difference virtualisation makes
- Office of the future: comfy chairs and tablets everywhere
- How to set up a wireless hotspot for your business: give customers free or paid for internet access
- Five worst SMB security threats... and how to solve them
- Doing business in a social era
- How to configure SysLookup for your network
- The 18 best Outlook tips for increasing productivity: become an Outlook expert with these lesser-known tips
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy