With its dual power supplies and 2GB of main memory, this diskless device can be expanded from its base configuration of four 10/100 Base-T Ethernet ports to support up to 36 10/100 Base-T Ethernet ports and eight copper/fibre Gigabit ports. The system runs under Nokia's IPSO operating system and is administered using the comprehensive browser-based Voyager management interface. It uses Nokia's Accelerated Data Path (ADP) technology to increase throughput on established VPN tunnels. VPN services are provided by Check Point's Firewall-1 NG software, whose management software should be run on separate devices for maximum efficiency.
Configuring the device for VPN use is straightforward, although only half the story. The rest of the configuration process, establishing VPN parameters, defining connections and users, is carried out in the Check Point management interface. All the VPN-related operations are subject to the same stringent validation processes that control the firewall definitions, and you can ensure that logically invalid rules and configurations are not loaded into the device. This is a tried and tested procedure that produces sound configurations as well as the occasional error message.
The client software is Check Point's SecuRemote/SecureClient package, offering a number of modes and features for communication, security and management. Monitoring a system that has two separate management interfaces could be confusing at times, and the wealth of detail and options available can be overwhelming. On the other hand, everything is accessible, and the major functions of device management and firewall management can obviously be run on separate workstations and allocated to different teams if required.
There are advantages to separating things out in this way where large distributed networks are involved. Nokia's Voyager interface gives access to practically every aspect of the system's operation, including features that are often consigned to the command line interface on other systems.
The system did not produce any surprises during the port scanning process, and performance was extremely good.