Defeating Check Point VPN FUD

Some ISA firewall admins using the ISA firewall as a site to site VPN gateway and remote access VPN server have informed me that Check Point sales staff are promulgating what might be false information about the ISA firewall’s VPN capabilities (almost as egregious as the statements made by Blue Coat). Read here to get the truth about the ISA firewall’s VPN capabilities.

FACT: ISA 2004 and ISA 2006 Support Centralized Management of VPN Gateways and Remote Access VPN Servers

  • The Enterprise Edition of the ISA firewall automatically applies firewall policy to all members of the firewall array
  • Firewall arrays support up to 32 array members
  • Management of multiple arrays is done from a single ISA firewall console
  • Firewall policy and configuration can be backed up and restored with a few clicks of the mouse
  • Centralized management is the cornerstone of ISA Enterprise Edition deployments — all configuration, logging and reporting is done on a centralized basis

FACT: Application Layer Inspection is Performed on all VPN Connections

  • The ISA firewall is the thought leader for application layer inspection, first introduced with ISA Server 2000, and enhanced with ISA 2004 and ISA 2006
  • The ISA firewall’s application layer inspection supports inspection of HTTP, SSL, SMTP, POP3, DNS, MMS, RTSP, H.323, FTP and many more protocols for all VPN connections (remote access VPN and VPN gateway)
  • The ISA firewall is an extensible firewall platform that enables the ISA firewall to perform application inspection for other protocols, such as peer to peer, instant messengers, and other dangerous applications
  • Worm blocking for new outbreaks can be configured by the ISA firewall administrator, or the ISA firewall can be configured with third party applications such as Websense to block worms via the on-box Network Agent

FACT: ISA 2004 and ISA 2006 Firewalls Support VoIP Communications over VPN Links

  • The ISA firewall in site to site VPN configuration fully supports SIP and H.323 VoIP communications
  • The ISA firewall in remote access VPN configuration fully supports SIP and H.323 VoIP communications

FACT: ISA 2004 and ISA 2006 Firewalls Block Worms over all VPN Links

  • The ISA firewall applies application layer inspection over all interfaces, including VPN interfaces
  • Worms, such as Sasser and Blaster, as well as new and emerging threats, can be blocked right out of the box with ISA firewalls
  • The ISA firewall sports a highly configurable RPC filter that ensures that all RPC communications, including those used to connect to file servers, are done in a secure fashion over both remote access VPN and site to site VPN gateway links

This just covers the surface of what I’ve been hearing from folks out in the field. Next week I’ll publish a full comparison of the VPN gateway and remote access VPN server capabilities of Check Point servers and the ISA firewall.
