What is our primary use case?
We have implemented Check Point for all our network traffic and security needs. For network traffic, we currently use on-prem solutions. Our services and servers are solely in our data centers. Our main goal is to secure our data center. This applies to all our services, whether it's email, network, or application security. All applications are thoroughly examined with our security test license. Above all, our system is set up so that the first package entering our network encounters our Check Point devices. These devices ensure that, according to our maintained policy, the package is either cleanly routed to the servers or blocked by Check Point.
What is most valuable?
The policies and port blocking are the most valuable features. We have a significant amount of spam emails passing through our network. Before this, we had a Tipping Point solution.
We previously implemented the Tipping Point solution, but it didn't work effectively in our environment. That's why we replaced Tipping Point with Cisco Check Point.
What needs improvement?
Mobile solutions should be added to Check Point because business email is also used by users on mobile devices. And that solution, I cannot process by Check Point Firewalls.
For how long have I used the solution?
We have been using this solution for six months.
What do I think about the stability of the solution?
It is a stable solution. We implemented the solution in HA. This is because the solution is highly available and can withstand hardware failures and software upgrades.
Once the solution is implemented, there is no need for any further downtime for the Check Point server. Because once we change any policy, we can break the High Availability (HA) session and define the new policy on the Check Point Security Gateway (SGW) in isolation. This allows us to test the new policy without affecting the production traffic. Once the new policy is tested and active, we can then activate it on the HA pair and bring the HA session back up. This process ensures that we can make changes to the policy without any interruption to the user experience.
It is a really stable solution. I would rate the stability a ten out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. We have deployed it in our organization with over 800 users and 96+ servers. The servers are running multiple operating systems, including Windows Server 2019, Windows Server 2016, AIX, and Linux.
I would rate the scalability a ten out of ten.
How are customer service and support?
We raised a request with Check Point technical support during the implementation. If any issues persist during the downtime period, we will get support from Check Point's second-level support. However, we didn't need to use the technical backup support in the end. Our plan was to have a bulletproof plan and an expert plan, so we didn't have any incidents or problems.
Whenever we required support, they were available for us.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously used Symantec as our email security solution, but we had many complaints about its slowness. We also used Tipping Point, but we had to upgrade it biweekly and their customer support was not very good. That's why we are replacing both of those solutions with Check Point.
How was the initial setup?
I'm working in IT since 1998. So in my entire career, I've worked with lots of devices and lots of data centers. So, the initial setup of Check Point was not difficult for me.
In the past, security features were most effectively used when everything was on separate hardware. But now, with virtualization and software-defined networking (SDN), we have to be more aware of security and take more responsibility to secure our entire environment.
So, in my opinion, the more experience you have in this field, the more valuable your knowledge will be. In addition to IT, I also have experience with SAP. We implemented SAP in our environment in 2008, and I was a core member of the team that looked after technical services and databases. So, I have experience in both IT and SAP.
What about the implementation team?
We did not deploy it directly. We first took a Proof of Concept (POC) from our authorized vendor. The vendor used our environment to test the product on our on-premises hardware.
Once the Proof of Concept (POC) is satisfactory, we will get approval from our management. Once management gives us approval, we will submit a downtime request to management. Once we receive the downtime approval, we will initiate a plan of action.
The plan of action will define the work tasks for each respective person, as well as technical and functional roles. This is because once the implementation is complete, the functionality of the application must be confirmed.
We will build a team and make sure that the entire team is available during the downtime. Each and every person should perform their assigned activities.
What's my experience with pricing, setup cost, and licensing?
It's priced in the moderate range. If you need 100% security, then you'll have to pay a premium price. But Check Point is a good product for the price.
Which other solutions did I evaluate?
What other advice do I have?
Check Point is a very easy solution to implement. Once you've installed it, you can simply click on a button to configure it for your network. You can also change the settings for each field as needed.
Overall, I would rate the solution a nine out of ten. It's a great solution, but the only improvement I would like to see is a mobile app upgrades.
Which deployment model are you using for this solution?
On-premises
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.