Check Point VPN layers the protection

Connectra 2.0 combines SSL VPN, deep packet inspection, and rich end-point security options

Competing in a crowded SSL VPN market, Check Point’s Connectra 2.0 is positioned as not just a secure remote access solution, but also a complete Web security gateway. As such, Connectra not only validates client PCs for anti-virus and personal firewall status, but also scans for malware and quarantines unruly clients. Further, by tying into Check Point’s SmartCenter management platform, Connectra takes advantage of other Check Point technologies such as SmartDefense packet inspection and the Integrity personal firewall.

Connectra is a software-based SSL VPN solution available for existing Intel-based hardware, though you can order it on hardware through Check Point. I installed the software on one of my test servers without any problems and had the system operational within 30 minutes. Its administrative interface is lean and easy to navigate.

User authentication is available via RADIUS, LDAP, Active Directory via LDAP, digital certificates, and local database. The VPN supports browser access to Web-based applications, Windows file shares, and e-mail. Connectra also supports Layer 3 tunneling for network-level access, but as with other SSL solutions, this support is limited to Windows clients. Connectra offers no TCP-based “thin client” access like that found in SSL VPNs such as the Juniper SA-5000.

End-point security is one of Connectra’s greatest strengths. Check Point includes its Integrity Secure Browser for secure, sandboxed sessions, in which all session information is encrypted in transit and deleted from the client upon close. I like the built-in firewall and application layer protection, too. SmartDefense looks for various packet-level attacks while Application Intelligence and Web Intelligence look for malformed application and HTTP traffic.

Connectra 2.0

Check Point Software Technologies

Cost: Starts at $8,000

Available: Now shipping

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies