Check Point Adds Virtualization to Security Lineup

By Cameron Sturdevant  |  Posted 2008-10-10 Print this article Print

The Check Point VPN-1 VE is designed to protect resources in VMware ESX and ESXi environments. While the VPN-1 VE does reduce security risk in these deployments, IT administrtors will need some consulting help or staff with knowledge of both VMware ESX and security to take full advantage of the product.

The Check Point VPN-1 VE (Virtual Edition) is the first release of the company's security gateway delivered as a virtual appliance for deployment in VMware ESX and ESXi environments.

VPN-1 VE runs on the same Check Point SecurePlatform as a physical VPN-1 software appliance and can easily be integrated into existing Check Point security management consoles. VPN-1VE provides strong protection for virtual machines that would otherwise have to route network traffic to an external firewall/IPS device.

My tests showed that using the VPN-1 in VMware ESX installation can significantly mitigate security risks while taking advantage of the consolidation benefits of virtualization. However, taking full advantage of VPN-1 VE requires more than knowing how to configure a Check Point firewall. IT managers will need to engage consulting services or have staff on hand who are fluent in both security and VMware ESX setup.

While alternative security solutions are worth looking at for protecting virtual machines, none that I've seen is significantly easier to configure than the VPN-1 VE. Plus, for shops that already have Check Point solutions in place, benefits derived from unified management and security policy creation are hard to beat.

With that said, however, the VPN-1 VE that I tested, which included VPN-1 UTM, costs $7,500 to secure five virtual machines and $15,000 to secure an unlimited number of virtual machines. VPN-1 VE licenses can be used only on VMware ESX or ESXi servers. The VPN-1 VE unlimited license is designed to use as many as four virtual cores.

A 15-day trial of VPN-1 VE, which became available Sept. 15, can be downloaded from the VMware Virtual Appliance Marketplace (look for the "certified production ready" section). This is where you'll also find several competitive products, including Stonesoft's StoneGate Virtual Firewall/VPN and Virtual IPS, Vyatta's Linux-based firewall/VPN, StillSecure's Cobia Unified Network Platform, BlueLane's VirtualShield for VMware ESX Server 3, Reflex Security's Reflex VSA and Astaro's Security Gateway.

Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel