Think of firewalls and Check Point is inevitably the first name that springs to mind, probably followed by thoughts of huge expense. This is not the case with Check Point Express, which brings high-end firewall technology to mid-sized businesses.
As a software product, you will need a donor PC and an installed operating system. The firewall supports Windows 2000/2003 as well as the Linux and Solaris operating systems, so you can choose the one that you think is the most secure.
We installed the firewall on our test 3.6GHz Pentium 4 system running Windows Server 2003. The installation configures the software and hardens the OS, while random strokes on the keyboard are used to generate an encryption key.
While we decided on the simple configuration that put all of the software's components on a single server, you can also distribute it for better performance and scalability.
Management is through the SmartDashboard application, which will look familiar to anyone used to managing Firewall-1 installations. To create rules, you first have to define each network object, including networks and nodes. Once done, these can be dragged and dropped into rules.
This also gets rid of the idea of deciding how traffic should be managed between ports; a rule applies to all traffic no matter which way it is going or which port it came from. This makes it a powerful system, although there is a lot of work building the network list.
The SmartDashboard is also home to the SmartDefense IPS. Its signatures are updateable, provided you have the right license, although it comes with a comprehensive list.
It will alert you in the case of denial-of-service attacks, port scans and address spoofing, among others.
You can also manage VPN tunnels from the same interface, while excellent reporting tools in the guise of the SmartView suite nicely round the package off.
This software could be considered overkill and slightly more complicated for smaller businesses, but for everyone else you get a comprehensive and highly configurable firewall built by a company with years of experience in the security market.