Check Point Unveils Bevy Of VPN Enhancements

Check Point Software Technologies on Tuesday announced a series of enhancements to its VPN products, including a client-less VPN capability and a new data forwarding mechanism that gives users new VPN configuration options.

Check Point also unveiled new performance monitoring features and a tool for checking the security level of VPN client machines.

The client-less VPN capability enables users to connect to a Check Point VPN-1 gateway without requiring dedicated VPN client software. Instead, users can connect from any Web browser that supports an SSL connection. The capability also works with the native Microsoft L2TP VPN client built into Windows.

To employ the client-less VPN, users merely point their Web browsers at a URL that represents the Check Point VPN gateway. Customers can employ various means of authentication, from simple username/password to digital certificates. Once authenticated, the gateway opens an encrypted SSL session to enable access to the VPN, says Leslie Stern, product marketing manager at Check Point.

Check Point still recommends use of its VPN-1 SecureClient software, which includes features such as an integrated firewall. But Stern says the client-less option is good for situations such as business partner extranets, where users can't necessarily dictate what client software VPN users will employ.

Another new feature enables users to build VPN networks in a hub and spoke topology that mimics many frame relay networks, while still enabling branch sites to communicate with one another. Branch sites at the end of each spoke will send data to a central VPN-1 gateway, which will decrypt the traffic, inspect it, then re-encrypt it and forward it on to its end destination, Stern says.

The feature enables more complex VPN designs, she says, such as by enabling users to create a hub and spoke network to serve each geographic region, then hook the networks together. There can also be cost advantages, she says, such as centralizing heavy security screening at the hub rather than at each branch.

Check Point also enhanced and renamed its Real-Time Monitor VPN performance analysis tool, now know as SmartView Monitor. The product can now collect more data on throughput and other issues, in an effort to help customers identify performance bottlenecks before the network crashes and to provide more historical analysis data.

Finally, Check Point announced a new capability for its VPN-1 SecureClient that enables the software to conduct a set of security checks on the client machine prior to connecting to the VPN. Administrators can define what security attributes a client must have before connecting to the VPN, such as security settings in the Web browser and the most recent patches. Based on the SecureClient's assessment of the client's security level, the VPN gateway decides whether to allow the connection.

Customers on a Check Point subscription service receive all the new functions at no additional charge. VPN-1 Pro pricing starts at $3,500 for 25 IP addresses while SecureClient starts at $35 per user.