Check Point 2205 Appliance review
Tough security measures and plenty of optional upgrades, but can be complex to install and configure
Review Date: 7 Feb 2012
Reviewed By: Dave Mitchell
Price when reviewed: From £2,290 (£2,748 inc VAT)
Features & Design
Value for Money
Check Point’s 2200 desktop appliances are designed to bring enterprise-quality network security to SMBs and remote offices. Don’t be fooled by the compact dimensions, as they’re capable devices, complete with a firewall throughput of 3Gbits/sec.
Each model comes equipped with six Gigabit ports that can play at LAN, WAN or DMZ duties as required. It has a small cooling fan, but it’s very quiet and so can sit unobtrusively on the desktop.
A key feature is Check Point’s software “blades”: these allow the appliances to be upgraded with an extensive range of security measures. The entry-level 2205 model on review comes with firewall, IPsec VPN, identity awareness and mobile access security blades, to which you can add individual blades for IPS, application control, URL filtering, antivirus and anti-spam.
Installation starts by pointing a browser at the default management port, and running a quick-start wizard to get the network ports set up. For lab testing we like to have a DHCP server on the LAN side, but found that this could only be created from the CLI Sysconfig command.
The device is managed via the SmartConsole client, which installs a wide range of management and monitoring utilities. First port of call is the SmartDashboard tool, which provides a row of tabbed folders for each function.
The firewall blade defaults to blocking all traffic, and you create rules by defining network objects, services, users and groups in the left pane, dragging them directly into the relevant rule and applying an action. An object for the appliance is created, and selecting this takes you to its properties page to view and activate the various software blades.
The mobile access blade includes a five-user licence, and provides security for remote workers using PCs, laptops or mobile devices to access email and applications on the main network. A wizard creates SSL VPN portals, where you choose a local or remote authentication method such as AD or RADIUS, and decide which apps and resources users may access.
The identity awareness blade links usernames to machines, allowing security policies to be applied to user identities. Along with AD authentication, it can present a captive web portal for identity acquisition from users such as guests.
The optional application and URL filtering blade is worth considering since it now includes Check Point’s AppWiki feature, which provides a database of more than 4,500 Web 2.0 apps. Along with standard URL categories, these can be added to web-filtering policies, and include entries for nearly 250,000 social network widgets, and options to control and monitor specific Facebook activities.
The latest SmartConsole R75.20 includes a wealth of monitoring and reporting tools, and standalone appliances will have to double up as local storage for all logs. The SmartReporter tool presents quality reports on most security activities, although we found it wouldn’t report on the new URL filtering blade – this may not yet be implemented.
The 2205 offers a sophisticated range of security measures, and Check Point’s optional software blades provide plenty of upgrade options. It performed very well during testing, although the multitude of SmartConsole apps presents a steep learning curve, which makes it less suited to small businesses with limited IT expertise.
Author: Dave Mitchell
- Will HP finally split into two companies?
- Chromebooks get version of Photoshop
- Toshiba beats retreat from consumer PC market
- Ellison steps down: but who's really running Oracle now?
- Microsoft set to make more job cuts
- Is Peter Pan panto tickets email genuine? Oh no, it isn't
- Intel triples Xeon E5 chip performance, adds DDR4
- Patch Tuesday targets critical IE flaw
- Microsoft refuses to hand over customer emails
- Microsoft yanks Windows 8.1 update after crash reports
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- How to set up a wireless hotspot for your business: give customers free or paid for internet access
- Five worst SMB security threats... and how to solve them
- Doing business in a social era
- How to configure SysLookup for your network
- The 18 best Outlook tips for increasing productivity: become an Outlook expert with these lesser-known tips
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office