![](/uploads/1/2/7/3/127342314/413232340.jpg)
It's hard to miss a appliance, because they all have bright orange boxes and bright yellow front panels. The 1000N is no exception, and the small metal box with the gaudy paint job stands out. Check Point has a large number of security products, but the Safe@Office 1000N and the wireless enabled 1000NW are the only small business specific products.All the connections are on the back of the box, with status lights on the front. There are four 10/100/1000 Gigabit Ethernet ports, one dedicated WAN port, a combo WAN2/DMZ port, and a console RJ45 serial port. Accessories include a serial to RJ-45 cable for command line fans, an Ethernet patch cable, a documentation CD, an illustrated Getting Started Guide, and a sales pitch for optional advanced services features. Don’t miss and see.
Get daily insights. Check Point calls the 1000N a firewall more than a router, and they advertise gigabit throughput, plus 400 VPN tunnels that can run as fast as 200Mbps. You can also run two 1000N units linked together for high availability.Since there are multiple optional software modules, setting the price for the 1000N can be difficult.
View a manual of the Check Point Safe@Office 1000N below. All manuals on ManualsCat.com can be viewed completely free of charge. By using the 'Select a language' button, you can choose the language of the manual you want to view. Checkpoint Part Number Catalog. AFR Enterprises, owned and operated by ASAP Semiconductor, has an extensive catalog of obsolete electronic components at your disposal, such as Deactivation Module, Checkpoint Counterpoint Ix 4/6 Mode Universal, Checkpoint/Counterpoint V,W/Power Supply,(Pn 909377), Checkpoint/Counterpoint Vii;W/Power Supply, Checkpoint/Counterpoint Vii;12X12 Pad.
Check Point says the price starts at $750, but street prices range from $850 to $1,250 depending on the number of users and the installed modules. The price tag may give smaller businesses pause, but IT departments buying for branch offices can justify the price based on the firewall throughput speeds and comprehensive security modules available. Installation and configurationFollowing the Getting Started Guide is easy.
Connect WAN1, connect your network and configuration computer, and turn on the 1000N. The client will receive a DHCP address in the 192.168.10.x range, slightly different than most default addresses. You don't have to remember that, however, to connect to the admin utility, because you use to access the router.The setup wizard forces you to set a password with at least five characters, then the Internet wizard takes over. Perhaps 'wizard' is a little overblown, since it basically asks for the type of broadband connection, then tries to connect.
We linked up first time with no issues. Almost immediately we had Internet access through the 1000N. BrandPost Sponsored by HPEPay-per-use IT models, such as ITaaS, could be the next chapter in IT infrastructure.Changing the LAN IP address range was also simple. Both the LAN IP address settings and DHCP range are on the Network My Network page, found by clicking the Edit icon on the LAN section. Reboots all around, and the LAN address is changedAdding in the second WAN link was also simple.
Network Internet page, then edit the secondary WAN link. A quick trip through the WAN choices, rebooted the cable modem, and the 1000N grabbed hold and connected.Just below the Internet connection listing is the WAN Load Balancing controls.
They use a very simple metaphor: an on/off switch. Slide the switch to 'On' and both lines share traffic. You have no control over what type of load balancing is used, but you can set the ratios between the two WAN connections.We found that the control is hidden far too deeply.
![Safe@office Safe@office](/uploads/1/2/7/3/127342314/217718210.jpg)
You have to click through Network Internet Edit Connection Show Advanced Settings, then scroll to the bottom of the page to the Load Balancing Weight field. The default is a 50/50 traffic split between broadband lines. OperationThe 1000N ships with 90-day trial versions of gateway antivirus updates, antispam, URL filtering, Dynamic DNS, and special logging and report utilities. When you open the admin screen, a sales pitch for service upgrades awaits. Past that, there's not a great screen that monitors the dual-WAN connection for traffic.The best is Reports Networks to bring up the Network Interface Monitor page.
Clicking on the tree menu on the left on either Primary Internet or Secondary Internet displays the connection details, including packets sent and received. You can refresh the screen but not clear the statistics, making it harder to see if a ratio adjustment between WAN links makes a difference.Even without much control (such as whether the balancing is based on packets or bytes), performance is right in line with the other units. When network traffic is light, the 1000N will maximize bandwidth well, but most of the time performance is about average for the group.Though firewall details are beyond our purview for this review, the 1000N does a good job making them understandable. Going to Security Firewall displays another sliding switch to set the security level to low, medium (the default), high, or block all.The SmartDefense system, Check Point's Intrusion Detection System and Intrusion Prevention System, displays a tree list on the left with explanations and default settings explained in the right side of the window.
Blocking ICQ traffic, for instance, is not a set of rules to build, but two choices from pull-down menus on one page.Much like the SonicWall TZ200, the Check Point 1000N offers enterprise level security granularity in a presentation that won't scare off non-experts. But the SmartDefense controls combined with sliding settings give 1000N the edge for being easier to understand. Add in the fact the complexity is there for larger companies providing these to branch offices, and you have a security appliance that covers both ends of the IT experience spectrum.
| |||
|
Check Point Safe@Office 500w
Author: Sean Michael Kerner
Review Date: 3/27/2006
Review Date: 3/27/2006
It's not good enough anymore for a router to just include a basic firewall, if you really want to be secure. Though you may not work in the main office, why shouldn't you get the same security they have?
That's where a new generation of integrated router security appliances offering what's known as unified threat management (UTM) come into play . UTM goes beyond the basic firewall functionality and addresses the wider array of threats that are out there today. Among the best I have yet to see is a new offering from Check Point called the Safe@Office 500.
What it is
The Check Point Safe@Office 500 series come in wireless and wired models (for this review we evaluated the wireless model). It UTM capabilities include a robust firewall, intrusion prevention as well anti-virus, spam and Web-filtering capabilities.
The Check Point Safe@Office 500 series come in wireless and wired models (for this review we evaluated the wireless model). It UTM capabilities include a robust firewall, intrusion prevention as well anti-virus, spam and Web-filtering capabilities.
The appliance has an eye-catching orange finish and includes four 10/100 Ethernet ports for LAN connectivity, a separate DMZ port, which also doubles as a second WAN port. The WAN2 port enables the device to handle two separate Internet connections, which can be helpful from a failover point of view. The wireless model includes a pair of antennas that pump out up to 108 Mbps speeds with security that includes the following: MAC address filtering, WPA2, WEP, WPA and WPA-PSK. There is also a pair of USB slots that can be controlled with the appliance's built in print server. Rounding out the Safe@Office 500w's external ports is a console port that can also be used for connecting a dial-up backup modem to the unit.
The real magic of the Safe@Office 500w though is on the inside.
The appliance is based on Check Point's NGX 6.0 embedded security software platform that is part of Check Point's Firewall-1 enterprise product. What that means is this little box has a robust stateful inspection firewall that puts a basic Windows XP firewall to shame. But a firewall alone, no matter how robust still isn't going to stop all the bad stuff and that's where the Unified Threat Management thing comes into play.
As a subscription-based service, the appliance includes antivirus capabilities that can be configured to check whatever connected network devices you have. In our test case, we tested all inbound and outbound e-mail connections with somewhat mixed results. Certainly the Safe@Office 500w will catch its share of viruses, but not all, so you can't go and uninstall your desktop antivirus capabilities. The same was true of the spam-scanning service, which didn't catch as much spam as I would have liked.
Web filtering for objectionable sites is also part of the mix. It seemed to work well when it was working. You see the catch with the way that the Safe@Office 500w delivers some of its advanced UTM services is that its all subscription-based and delivered remotely via a Check Point service provider. So if, for some reason, connection to the service provider is interrupted, your services are going to get interrupted as well.
Over the evaluation period there were a few minor service interruptions that, in turn, caused Web filtering not to work properly. Normal non-objectionable sites, like PracticallyNetworked.com for example, got flagged because the filtering service was unavailable. It's easy enough to override with a password, but in a multi-user environment when the password holder isn't around, it can be a problem.
Administration
Administering and managing the myriad features of the Safe@Office 500w is a breeze thanks to an easy-to-use Web-based management console— easy once you move beyond the first page. Instead of beginning with a dashboard-type approach for the entry (as is the case on the WatchGuard Firebox Edge X5w), you get a welcome screen with three options: Upgrade and Services, Support and Documentation, and Locate a Service Provider. The side tab, however, exposes the true power of the Safe@Office 500w with links to Reports, Security, Antivirus, Services, Network, Setup, Users, VPN and Help. As you'd expect, each of those tabs has its own set of option that further provides feature accessibility and configuration options.
Administering and managing the myriad features of the Safe@Office 500w is a breeze thanks to an easy-to-use Web-based management console— easy once you move beyond the first page. Instead of beginning with a dashboard-type approach for the entry (as is the case on the WatchGuard Firebox Edge X5w), you get a welcome screen with three options: Upgrade and Services, Support and Documentation, and Locate a Service Provider. The side tab, however, exposes the true power of the Safe@Office 500w with links to Reports, Security, Antivirus, Services, Network, Setup, Users, VPN and Help. As you'd expect, each of those tabs has its own set of option that further provides feature accessibility and configuration options.
Thanks to wizards initial setup was a breeze. That initial setup though will certainly leave you with a working appliance, but you won't recognize the full power of the device. For example, the Safe@Office 500w allows for Traffic Shaping, so you can assign minimum/maximum values for different types of traffic. In our evaluation, this proved to be useful and effective for ensuring high-quality VoIP calls while still operating P2P, instant messaging, Web and e-mail clients. VoIP demands lower latency than other applications and seems to work better with guaranteed bandwidth allocation, whereas for basic Web surfing and e-mail it really doesn't matter.
On the security tab is an item called 'Smart Defense,' which allows for granular configuration of the Safe@Office 500w IDS/IPS defensive capabilities. These are things like Denial of Service and IP-based attacks, which your average router doesn't do squat to prevent. It also enables for control of IM and P2P usage on your network. In general, we found the default settings to work well, but it's always fun to poke around and see what's under the hood.
IPsec-based VPN capabilities are solid. The device even includes a hard link for downloading the client you need to connect with. Sure, it would be nice to have SSL-VPN but that just doesn't exist at this price point (yet).
Reporting is a bit of a mixed bag. The main event log is essentially a data dump that you can save and then use another tool to analyze. You can't sort or manipulate the event log through the management interface itself. You can also configure the Safe@Office to automatically send those same logs to a Syslog server as well.
I never felt lost in the management interface thanks to the context-sensitive help. As opposed to having to thumb through documentation (which is OK if you've got nothing else to do) the help button always seemed to pull up the information that was relevant to the area I was in. Moving beyond the included help, I also contacted support on a number of occasions by both e-mail and Live Help. My e-mail experience was OK, my Live Help experience was great. I tried to give the Live Help agents a hard time, but they didn't flitch and guided me to the solution that solved whatever item I was trying to figure out.
All this wonderfulness has a price, though, and it's not even the price of the appliance itself so much. The advanced UTM services are offered by a Check Point service provider and those services are offered on a subscription basis. So it's not a one-time cost to run and deploy, you'll have cost for as long as you intend to take full advantage of the enhanced services.
The subscription-based approach to enhanced services is, of course, not unique to Check Point, but it is something that tends to get overlooked when buying such a device.
All told the Check Point Safe@Office 500w is an impressive device. In almost two months of active use, it performed well in a few different test environments. The only real drawback was the few periods of service interruption, which were short, but still a nuisance. There was a time when the only way you could put a Check Point firewall into an office was to spend a whole lot of dough, but thanks to this small-friendly device that's no longer the case.
Security threats in 2006 are a lot more than just a regular off-the-shelf firewall can handle, and no doubt more than a few shelves will become home to the Check Point Safe@Office 500w.
Pro:
Cons:
Price as tested: $321.41
![](/uploads/1/2/7/3/127342314/413232340.jpg)