Check Point takes best approach to URL filtering

By Joel Snyder, Network World |  Security, check point, firewalls

We had a more difficult time testing the Barracuda NG Firewall's anti-malware features because the NG Firewall uses proxies to handle virus scanning. Barracuda told us that many of the issues we saw in this part of our testing will be resolved in their upcoming v5.4 release.

In the case of HTTP traffic, the NG Firewall transparently intercepts the traffic as long as it's on a standard port (sending viruses through HTTP on a non-standard port didn't activate the proxy). For HTTPS traffic, the NG firewall must be manually configured as a secure proxy — unlike the rest of the products we tested — so we had to change our testing methodology just to get the firewall to scan the HTTPS traffic.

We ran into different issues trying to get the Barracuda NG Firewall to scan mail traffic. This only works if the firewall is used as a mail gateway. When we passed mail through the NG Firewall without using the mail gateway, and lost all capability to scan for malware.

When it comes to picking the best anti-malware, we found strengths and weaknesses in all of the products. Certainly SonicWall and Fortinet turned in the best results in our filtering, but we think that the Check Point Security Gateway's anti-bot feature and unified URL filtering and application control features gives it a slight advantage, even if doesn't have the best anti-malware engine. The problems that came up in testing the Barracuda NG Firewall may be resolved in the next version of the product, but for now they cause us to rank the product below the competition.

Read more about wide area network in Network World's Wide Area Network section.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question