Check Point bolsters new firewall appliance

A subsidiary of Check Point Software Technologies Ltd. is shipping a security appliance to protect remote-office and telecommuter LANs, and to make it simpler for companies to set up and manage Check Point VPNs.

SofaWare Technologies’ S-box is designed to be simple enough for technically unskilled end users to install, yet still be sophisticated enough to satisfy corporate security needs, says Gil Shwed, CEO of Check Point.

S-box could be used as an alternative to Check Point’s Firewall-1/VPN-1 software that would run on a PC in a remote office or on a telecommuter’s laptop. Instead of protecting just one machine, though, S-box could protect multiple devices at the same site, which is more typical of a remote office or even some telecommuters’ home offices. The box contains a four-port 10/100 Ethernet switch to protect all devices in a small office and would connect to the Internet in conjunction with a cable or DSL modem.

Rather than dispatch your technicians to each site to install these devices, you can have the technicians preconfigure them and ship them to end users to install. They would just plug them into the broadband modem and to local devices such as PCs, servers and printers.

The device can receive software updates from a central site, and end users can reconfigure the device via a Web interface. S-box could also be used to support a firewall service or by individuals who want to protect their home Internet connections.

This new box may be the result of necessity, says Charles Kolodgy, an analyst with International Data Corp. SofaWare, like Check Point itself, was set up to sell software, not hardware, with the idea that other vendors would imbed the software in their products.

SofaWare was hoping cable- and DSL-modem vendors would use the technology but wound up putting its software in hardware itself. “I think it more comes down to the fact that they couldn’t find someone else to do it,” Kolodgy says.

Service providers might be interested in using the boxes to support firewall services for consumers, he says.

Initially, S-box contains only a firewall, but within months it will include VPN software and support other security, such as URL filtering and e-mail antivirus protection, Shwed says. The box initially will be managed via SofaWare’s management platform called Safe@Home Security, but later will be brought under Check Point’s Site-Manager-1 enterprise management software.

Integrating such an appliance into Check Point’s products is a departure for the company. Until now it has licensed its software to other vendors, notably Nokia Corp., that install it on similar appliances. In fact, analysts generally credit Nokia’s boxes with Check Point software as being among the top sellers of such VPN appliances.

Similar to a Nokia IP51 firewall-only appliance, which costs US$900, S-box without VPN software would cost less than US$300, Shwed says. While SofaWare firewall and VPN software is based on Firewall-1/VPN-1 technology, it is a lighter version of both. The price for S-box with VPN software has not been set. Shwed says that with VPN support, S-box would also compete with other VPN/firewall appliances such as NetScreen Technologies’ 5XP, which costs about US$500.

Kolodgy says he thinks S-box will not threaten Nokia’s product line, which was designed with enterprise use and management in mind.

Check Point can be reached at