Traffic shaping enables you to create policies that determine how much bandwidth is allotted to specific types of traffic. First you enable these controls on the port managing the Internet connection and enter the total amount of upstream and downstream bandwidth. You have four predefined classes with different priority weightings assigned to them. To use them you need to create firewall rules that allow traffic through for a particular service and during rule creation you assign them to a selected weighting. For example, to give VPN traffic a high priority you create a rule for this service and during this phase you assign the rule to the Urgent QoS (Quality of Service) class. You then edit this class and provide details of the guaranteed bandwidth and a limit for both incoming and outbound traffic.
Content filtering is a hosted service with over thirty categories that can be blocked or allowed, but note that you can’t add your own custom categories. Any user attempting to access a banned site will have their web browser redirected to a warning page on the appliance. Virus scanning can be applied to both web traffic and email and for the latter both POP3 and SMTP are supported. No attempt to cure an infected attachment will be made as the appliance merely strips out the offending file and adds a comment in the message body advising the recipient. VPN setup is very well documented for site-to-site tunnels and mobile clients and I found the wizard assisted procedures surprisingly easy to follow considering the inherent complexity of IPsec.
Check Point’s anti-spam hosted service modifies the subject line of suspect messages. The message content also contains a full rundown on the scores applied so you can see clearly why it was considered spam and the original message is packed up and provided as an attachment. However, you will need an internal system or rule set on your mail client to deal with tagged messages. During testing the service worked extremely well as we ran it over a number of days and estimated that its success rate was above ninety per cent with no false positives.
The reporting feature is probably the biggest disappointment as it lists general firewall activity and appliance configuration changes but doesn’t log virus and spam activity or any attempts to access banned sites.
The VPN-1 UTM Edge offers a lot of security features for the price that are nicely integrated into a compact appliance. Reporting could be better but it’s very simple to deploy and we were particularly impressed with its anti-spam performance
Unlike other sites, we thoroughly test every product we review. We use industry standard tests in order to compare features properly. We’ll always tell you what we find. We never, ever accept money to review a product. Tell us what you think - send your emails to the Editor.