Check Point VPN-1 Edge W8 review
Check Point’s VPN-1 Edge W8 appliance stands out from many similar products, as it supports not only 802.11b/g operations but Atheros’ Super G technology as well. Alongside, you get the standard SPI firewall, plus site-to-site and mobile client VPNs. These are augmented with WAN failover and optional web and email anti-virus scanning, plus anti-spam and web-content filtering, making it a good all-rounder.
Another bonus of the wireless model is the pair of USB ports that can be used to add printer sharing. The W8 model on review is aimed at small, branch or home offices, and the price includes support for eight systems on the LAN but only one VPN tunnel. Installation is easy: you connect the WAN port to your internet device, add PCs to the LAN and fire up a web browser that will automatically be redirected to the appliance’s homepage. For WAN failover, you’ll need two separate broadband connections and accounts, or you can use the serial port for dial-up modem backup.
Three firewall modes are available, with a Medium setting blocking unsolicited inbound and outbound Windows file-sharing traffic. The High setting blocks all inbound traffic and restricts outgoing connections to HTTP, HTTPS, POP3, SMTP, FTP, DNS and VPNs. The firewall can be customised to allow or deny inbound access to specific services or PCs, and one system can also be placed on the secondary WAN Ethernet port, which doubles as a DMZ. Wireless security is good, with WEP, WPA and RADIUS server authentication available. Traffic-shaping is provided, allowing you to apply different weightings and delay sensitive traffic such as VoIP. Extra users can be added, so you can decide whether they can manage the appliance, override the content filters, have VPN remote access and use wireless access.
Content filtering is a hosted service and you currently have 33 categories that can be blocked or allowed, but you can’t customise access. Virus scanning has been improved to cover all web traffic as well as email, and the W8 can scan both POP3 and SMTP protocols, so outbound email can be checked. No attempt to cure infected emails will be made. The offending attachment is removed and comments added to advise the recipient.
Check Point’s anti-spam hosted service worked well during testing. Suspect messages will have the subject modified, while the message content contains a rundown on the scores applied, so you can see why it was considered spam. The original message is provided as an attachment. However, you’ll need an internal system or rule set on your mail client to actually deal with tagged messages. The reporting option lists general firewall activity and traffic, but it was disappointing that it didn’t log virus and spam activity or attempts to access banned sites. VPN setup is well documented for site-to-site and mobile clients, and we found the procedures much easier than for Netgear’s ProSafe VPN Firewall 25.
Originally launched in 2005, the VPN-1 Edge has taken a while to mature and, as such, is comparatively costly. However, it now offers a comprehensive range of security features in an easily managed package.