Check Point is wheeling out a big software upgrade across its product lines that increases security and makes it easier for users to manage its platforms day-to-day.
The upgrade, called NGX, runs on a dozen Check Point platforms, including its firewalls, IPSec VPN, management software, application security, SSL VPN, internal security gateways and event-correlation software. Management improvements are the most significant features that set it apart, says Paul Stamp, an analyst with Forrester Research. “This allows you to update software across different components and analyze events more effectively and cohesively,” he says. NGX software — which is part of a dozen Check Point products that run on servers, clients or appliances — pulls together management of Check Point’s VPN-1, Connectra SSL VPN and Intraspect internal security gateway. This makes it possible to distribute updates once, rather than platform by platform. Administrators also can get a unified view of logs from all three platforms.
But NGX doesn’t let you change policies from one console. That still requires three separate management applications.
The software includes SmartPortal, a new, read-only Web view of Check Point platforms to give broader access to security policies that have been set without compromising them to changes.
The feature could aid help desk workers who deal with complaints that a certain application is inaccessible. The worker could check policies via a SmartPortal to determine whether policies deny a user access to the application. If so, the caller can be passed on to an administrator with authority to alter the policy. If not, the help desk can continue troubleshooting.
NGX supports dynamic routing, which makes it possible to route traffic through current IPSec tunnels. So if a tunnel fails, routers can find alternative tunnels over which to direct traffic. Previously, Check Point software used static routes that had to be changed manually on each device. Check Point says NGX is set to be available May 30. It comes as an upgrade in customer-support contracts, and ships with new platforms.