Coming October 25: PeerSpot Awards will be announced! Learn more

Check Point Application Control OverviewUNIXBusinessApplication

Check Point Application Control is #1 ranked solution in top Application Control tools. PeerSpot users give Check Point Application Control an average rating of 9.0 out of 10. Check Point Application Control is most commonly compared to WatchGuard Application Control: Check Point Application Control vs WatchGuard Application Control. Check Point Application Control is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 25% of all views.
Check Point Application Control Buyer's Guide

Download the Check Point Application Control Buyer's Guide including reviews and more. Updated: October 2022

What is Check Point Application Control?


Check Point Application Control provides the industry’s strongest application security and identity control to organizations of all sizes. It enables IT teams to easily create granular policies, based on users or groups, to identify, block or limit usage of thousands of Web applications and widgets.

Learn more about Application control software

Check Point Application Control Customers
SEB, Luma Arles, Terma, Aerospace, Midwest Rubber
Check Point Application Control Video

Check Point Application Control Pricing Advice

What users are saying about Check Point Application Control pricing:
  • "The blade has its cost but you can take advantage of the license package to pay less for it."
  • "I think application control has become a basic feature and it should be enabled automatically, without having to purchase a separate license for it."
  • Check Point Application Control Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    PeerSpot user
    Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
    Real User
    Top 5Leaderboard
    Enables us to block employees from downloading illegal content that would harm the company image
    Pros and Cons
    • "Check Point enables us to save internet bandwidth. The administration offers good guidance. We don't want the employees to access social networking on work computers because it will distract them from their jobs, so we can block that. It also helps us to implement changes very quickly and to get people to be more focused on the job."
    • "The whitelisting approach should only be on very specific applications. In which only a server should access a certain application and nothing else. If you miss something, you will have to always be investigating why it doesn't have access or why an application is not working."

    What is our primary use case?

    Our primary use case of Check Point Application Control is to filter which application categories we want to allow our organization members to have access to so that they are secured. For example, we don't allow access to malicious applications and some categories that could be threats. We only allow organization members to access secure applications and applications that are aligned with the company's strategy. 

    It also enables us to save internet bandwidth by filtering applications that are not work-related.

    How has it helped my organization?

    Check Point enables us to save internet bandwidth. The administration offers good guidance. We don't want the employees to access social networking on work computers because it will distract them from their jobs, so we can block that. It also helps us to implement changes very quickly and to get people to be more focused on the job. 

    We can block employees from downloading illegal content that would harm the company image with our IPS. If an employee downloads torrents with movies that should be paid for,  they can detect that it's our company's IP. We could be fined and it could be good damage to the company image. So we block those kinds of applications.

    What is most valuable?

    The features are very granular. You can block Facebook Chat but allow Facebook itself. The big database and the easy configuration are also valuable features. 

    What needs improvement?

    I think Check Point Application Control is one of Check Point's most complete solutions. It has had a lot of years for improvement. I don't see anything that we need to be improved. It does everything that we would need. It always applies new applications. It does what we need it to do. We don't need to select a specific application if we don't need it, it can be selected by category. The solution is very complete. 

    Buyer's Guide
    Check Point Application Control
    October 2022
    Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
    634,775 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been using Check Point Application Control for eight years. 

    What do I think about the stability of the solution?

    The solution is stable. We didn't have any specific issues. 

    What do I think about the scalability of the solution?

    It's scalable in a way that you can use the same application and filter objects on all the gateways that you have under managers. You can define one profile applied to all firewalls.

    There are around 1,000 users in our company who are affected by Application Control. 

    Four network security engineers are responsible for the maintenance. 

    We deployed only on the perimeter firewalls. If we need to add some more perimeter firewalls, we will deploy to that as well.

    Which solution did I use previously and why did I switch?

    We specifically chose Check Point because we needed to filter internet access. It was already in place in some firewalls when I came to my company. My colleague implemented it on some other firewalls. It was already placed in one or two firewalls. 

    How was the initial setup?

    The initial setup was straightforward. We generally use the blacklist method for Application Control. That is where you select which application categories and specific applications you don't want to be accessed and then you allow everything else. This method is easier than what we did in the past where we tried to do it the other way. We would only allow specific applications for a specific project and then deny everything else. But then there was always something missing because the machine would need to update and we would need to have a new application. There was always something being blocked that shouldn't. 

    It took us about one week to define the strategy and then two to go through the list of categories that were available to define which we would deny. We would also discuss with the GRC team and get guidance from the administration. 

    What was our ROI?

    Our ROI Speaker is that it adds another security measure that doesn't allow employees to access websites and applications that can harm our company, and by keeping the company's IPS reputation clean. It also blocks categories like social networking and gambling. Those kinds of categories also increase productivity and decrease internet link usage for things that don't interest the business.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is in line with the competition. Licensing is not complicated. The license application is straightforward and it functions well. There are no additional costs that I'm aware of. 

    What other advice do I have?

    My advice would be to deploy Application Control with a blacklist approach. In which you select which application categories to block and accept others. Otherwise, from our experience, it's a mess. It's much more easy and efficient than doing the whitelist approach, in which you would select what you would allow and block off the rest. It can forget to add a category or an application that is needed and so you will always need to be adding them on a request basis.

    The whitelisting approach should only be on very specific applications. In which only a server should access a certain application and nothing else. If you miss something, you will have to always be investigating why it doesn't have access or why an application is not working. 

    We tried to do a whitelist approach on a specific environment, but we gave up because it was starting to get to be a bit messy. Some servers only need it to go to the internet to do some updates on some applications. They shouldn't access any other categories. That was always something that was not working because some application was categorized as technology and it was also categorized as, for example, social networking.

    The biggest lesson is that it's very important to have Application Control on the company's internet access. A previous company I worked at, got a court letter saying that our IP downloaded two movies from torrents. The company got a final warning that if our IP would be caught downloading illegal stuff again we would have problems and so the company implemented Application Control. It's very important for the company's IP reputation and also for employees to be focused on their job. You can block malicious applications which gives you another level of protection and also reduces internet link usage.

    I would rate Check Point Application Control a ten out of ten. 

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    User
    Reliable, reduces management requirements, and lessens manual interventions
    Pros and Cons
    • "Being able to choose specific applications in our policy rule base in order to better manage access and bandwidth utilization has had a significantly positive impact on our environment and saved a lot of management time."
    • "One of our continued challenges is having a more accurate, real-time view of how our bandwidth is actually being used at any given moment."

    What is our primary use case?

    Our K-12 school district is currently leveraging the Check Point 6800 Gateway hardware appliance, which is running version R80.30.   

    The management station runs as a virtual machine in our VMWare environment with Cisco UCS & EMC (storage) hardware and Cisco networking architecture. In addition to the exceptional performance of the hardware and extensive Firewall abilities, we manage end-user traffic related to the applications. We use the solution primarily in the social media and entertainment arenas. This feature allows us to reduce unnecessary use of our already limited bandwidth.

    How has it helped my organization?

    Prior to the newer Application Control tools, from Check Point, we didn't have nearly as much in-depth access to manage traffic in the port 80 and 443 pathways.  

    As a result, we were regularly pushing the high end of our already limited bandwidth. Though we did have web/URL filtering technologies deployed, our users still had quite a bit more access to media resources that presented a distraction in our environment. The Application Control, allows us to better manage bandwidth at a more granular level.

    What is most valuable?

    Being able to choose specific applications in our policy rule base in order to better manage access and bandwidth utilization has had a significantly positive impact on our environment and saved a lot of management time. This feature allows us to apply all the relevant protocols from a single application "package."  

    In years past, we used to have to spend a lot of management time manually diagnosing the end-user traffic in an *attempt* to determine what sites, protocols, and ports were being used by the resource. Then, we would have to create specific rules to affect that traffic, before we could regularly monitor the traffic for any unexpected rouge behavior.

    What needs improvement?

    One of our continued challenges is having a more accurate, real-time view of how our bandwidth is actually being used at any given moment. A feature that could really offer a lot of insight into the live traffic would be a high-quality, real-time traffic graphical monitoring module. Administrators could then "mouse-over"  any point on the graph to reveal additional information at a very granular level. The information that could be presented would include data such as the service/app used, the specific network or IP, the date/time, etc.

    For how long have I used the solution?

    I've used Check Point since the late 1990s. I've used this solution for several years.

    What do I think about the stability of the solution?

    We've had zero issues. It's a solid product.

    What do I think about the scalability of the solution?

    My impression is that with all the recent features and abilities added to the application control section, it should be able to scale very nicely.  I would anticipate that managing traffic at the application level would be far more efficient than in the past, with the option of creating fewer rules to accomplish the same goal.  Being able to group or, "package," together a number of similar applications that contain all the relevant protocols, will be a big benefit over time.

    How are customer service and support?

    As the product has performed well, we have had little interaction with Check Point's customer support. We have been reasonably satisfied, during the limited times of engagement.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We have been using the Check Point firewall suite of products, since the floppy disk installation days.

    How was the initial setup?

    We had the guidance and aid of a partner vendor and it was not overly complicated.

    What about the implementation team?

    We have worked with a vendor for years and have been very pleased.

    What was our ROI?

    ROI is difficult to quantify in terms of money.  However,, we can easily say that our management time has decreased and end-user activities have been more on-task.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is a bit high for our K12 organization. The setup is not painful. That said, planning is crucial - as well as a thorough understanding of your network architecture and desired outcomes. 

    Which other solutions did I evaluate?

    We did not evaluate other options.

    What other advice do I have?

    I'd advise users to go with Check Point.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Check Point Application Control
    October 2022
    Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
    634,775 professionals have used our research since 2012.
    Oleg Pekar - PeerSpot reviewer
    Senior Network/Security Engineer at Skywind Group
    Real User
    Top 5
    The control-blade significantly increased the security level from the standpoint of application visibility and filtration
    Pros and Cons
    • "The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats."
    • "I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers."

    What is our primary use case?

    Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Application Control software blade is one of the numerous blades activated on the NGFWs and serves for the security improvement in the application detection, categorization, and filtration.

    How has it helped my organization?

    The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats. The Check Point Application control-blade significantly increased the security level from the standpoint of application visibility and filtration. The blade was easy to enable and configure, and we don't see any performance penalty after the activation of it. 

    What is most valuable?

    1. The built-in database of the applications, software and the protocols is just amazing - there are more than 8 thousands available just after the blade application. In comparison, the Cisco Network-Based Application Recognition (NBAR) available on the routers provides like 200 applications.

    2. The application are categorized into group based on the purpose, like messengers, databases, games etc., and such group objects may be directly use in the Security Policies for the NGFWs.

    3. It it really simple to add new custom application definitions and groups if you need so (we use such an option for our own developed software on non-standard ports).

    4. The visibility is just great. For any security event of the Application Control blade there is a relevant log entry with all the application details (but don't forget to enable logging for the security rule in the Policy).

    What needs improvement?

    I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers.

    We also had several support cases opened for software issues, but none of them were connected with the Application Control blade.

    For how long have I used the solution?

    We have been using the Check Point Application Control for about three years, starting in late 2017.

    What do I think about the stability of the solution?

    The Application Control software blade is stable.

    What do I think about the scalability of the solution?

    The Application Control software blade scales well with the gateways we use, since it doesn't affect the overall performance much after activation.

    How are customer service and support?

    We have had several support cases opened, but none of them were connected with the Application Control software blade. Some of the issue were resolved by installing the latest recommended JumoHotfix, some required additional configuration on OS kernel level. The longest issue took about one month to be resolved, which we consider too long.

    Which solution did I use previously and why did I switch?

    We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

    How was the initial setup?

    The setup was straightforward. The configuration was easy and understandable - we relied heavily on the built-in objects and groups.

    What about the implementation team?

    In-house team - we have a Check Point Certified engineer working in the engineering team.

    What's my experience with pricing, setup cost, and licensing?

    Choosing the correct set of the licenses is essential - without the additional software blade licenses purchased the Check Point gateways are just stateful firewall.

    Which other solutions did I evaluate?

    We didn't evaluate other vendors or solutions.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    System and Network Administrator at Auriga - The banking e-volution
    Real User
    Top 5Leaderboard
    Straightforward to set up, good support, and provides a granular level of control
    Pros and Cons
    • "The most important feature, in my opinion, regarding Check Point Application Control is the granularity and the great variety of applications and sub-applications recognized."
    • "I would like to have a periodic update of the applications, perhaps based on a predefined calendar."

    What is our primary use case?

    The Check Point Application Control solution is used by us on two firewall clusters. It is used both on the inside and on the outside.

    Analyzing internal traffic helps us to understand which applications are used within our network. It does more than simply allowing or blocking traffic. It provides a report on how much these applications consume on the network and where they are used.

    On the foreign side, we only allow applications considered safe and we always use the report to identify external attacks or improper use from the inside out.

    How has it helped my organization?

    Check Point Application Control application I would define it as oxygen: you notice it when it is missing and I say this because we now think it is natural to have this module incorporated in a firewall.

    In the beginning, without this module, we were in the dark about everything. We were forced to open internal or external traffic by trusting (sorry for the nonsense) who was doing the traffic: unthinkable today!

    Now we know who does what and can give specific permissions based on the user or the group to which the user belongs. The same user can have maximum permits on the professional side but be protected himself from ending up on sites that are improper for his work activity, such as porn sites.

    What is most valuable?

    The most important feature, in my opinion, regarding Check Point Application Control is the granularity and the great variety of applications and sub-applications recognized.

    Consider that I can make multiple rules for the same user or group of users by detailing what it can do perfectly. The applications are not trivially listed but well-specified. To give an example: the Facebook application is not simple but its features are listed so that I can allow the use of Facebook but not the uploading of a file.

    What needs improvement?

    It is hard to say what has to be improved in Check Point Application Control.

    Occasionally, we have to identify an application that is not registered. I would like to have a periodic update of the applications, perhaps based on a predefined calendar.

    We would like to have the ability to submit new applications for registration, as well as request the recategorization of URLs.

    For how long have I used the solution?

    We have been using Check Point Application Control for twenty years.

    What do I think about the stability of the solution?

    I have not found any particular malfunctions so I can say that it is well implemented.

    What do I think about the scalability of the solution?

    Through a firewall cluster, I can increase the power and reliability of the system, and avoid buying a superior model.

    How are customer service and technical support?

    Customer service is very competent.

    Which solution did I use previously and why did I switch?

    We did not use another similar solution prior to this one.

    How was the initial setup?

    The initial setup was straightforward.

    Setup is made easy by using logs. As a first rule, I put the blocking of applications that come to mind, then a rule of allowed applications specifying all applications. By looking at the logs, I will be able to refine the rule by populating that of blocked applications and creating one of the allowed applications.

    For maximum security (but maximum limitation), I can put at the end a rule that blocks everything but will block both applications not previously specified and those not recognized. This rule requires having a team that looks at the logs a lot, otherwise, it is better to put it on permission and analyze it periodically.

    What about the implementation team?

    We implemented it through a team that lived up to the solution.

    What's my experience with pricing, setup cost, and licensing?

    The blade has its cost but you can take advantage of the license package to pay less for it.

    Which other solutions did I evaluate?

    We did not evaluate other options.

    What other advice do I have?

    It does not require excessive resources but if you intend to use it massively, do not underestimate the size of the firewall.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PRAPHULLA  DESHPANDE - PeerSpot reviewer
    Associate Consult at Atos
    Real User
    Top 5Leaderboard
    Good reports, great traffic control, and straightforward to set up
    Pros and Cons
    • "The product offers easy-to-install policies and makes it simple to troubleshoot application-related traffic."
    • "SD-WAN functionality can be added."

    What is our primary use case?

    Application and URL filtering is the perfect combination to block unwanted application and web browsing traffic based on the defined policy.

    Customers who don't have a dedicated proxy can utilize Check Point's Next Generation Firewall as an Application Control.

    It allows users to define policies based on source IP, user role, or group, which can easily identify traffic flow with SAML. You can allow or block traffic coming or going out to the internet for specific applications or websites.

    Most organizations take advantage of application control, which provides the most efficient and accurate results to block or allow application traffic.

    No organization requires entire access for an application running as that would cause more risk, which is not desirable. If we want to allow certain required applications, with Check Point, application control is possible.

    For customers that have database servers and public-facing servers and want to provide access to specific services, Check Point is perfect.

    With application control and URL filtering, it becomes possible to block/allow applications and sub-applications the maximum flexibility to allow for policy-based access roles. The solution offers user notifications for blocked access, time-defined policies, and bulk categorization of malicious applications.

    How has it helped my organization?

    With Check Point Application Control, it is possible to mitigate unwanted application traffic even it detects items, and allows traffic for specific ports which can be required to run the specific application successfully while blocking traffic from all remaining ports.

    We get a Smart Event Report which clearly shows us how many applications are running under the Check Point Gateway and which applications require more security rules while revealing vulnerabilities.

    Customization rules for custom applications help to define rules.

    What is most valuable?

    The application layer is the most usable feature Check Point provides to categorize and distribute the different sets of rules which work in a top-down lookup approach. This allows users to define policies separately within that particulate layer.

    By default, an implicitly cleanup rule exists.

    The product offers easy-to-install policies and makes it simple to troubleshoot application-related traffic.

    The solution is integrated with an app wiki to provide a large application database.

    Smart Event generates reports which are very useful in order to identify non-required applications running into the environment.

    What needs improvement?

    The working principle of Check Point Application Control is far different from all other vendors in the market. It basically works in parallel with security rules. Every time packet must go from policy lookup into security rules. It sometimes leads to a troubleshooting phase for which we can create application traffic.

    SD-WAN functionality can be added.

    Direct API integration for customized application features can be added.

    Load balancer functionality for application traffic might be a better option.

    What do I think about the stability of the solution?

    There is no completely stable solution. Even if you consider a competitor solution, you will face some issues from time to time.

    What do I think about the scalability of the solution?

    The scalability is based on the device throughput.

    How are customer service and technical support?

    There is dedicated TAC support for the specific blade in Check Point, which provides for a better resolution.

    Which solution did I use previously and why did I switch?

    We did a direct migration from Sophos/Cisco FTD to Check Point. This has been done for many customers and usually leads to changing application control.

    How was the initial setup?

    The initial setup is straightforward in terms of the policy configuration and licensing.

    What about the implementation team?

    We are the vendor. We can assist in implementations.

    What's my experience with pricing, setup cost, and licensing?

    The setup is very straightforward and the licensing works based on a subscription model.

    Which other solutions did I evaluate?

    We did look at dedicated proxy servers.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Technical Manager at M.Tech
    User
    Top 5
    Great features that can run on a single gateway and helpful technical support
    Pros and Cons
    • "We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth."
    • "It is expensive."

    What is our primary use case?

    Check Point's Application Control blade is a very powerful and useful tool. To use this tool we need to purchase a subscription for it or purchase a threat prevention package. 

    Our primary use case is using Application Control with Identity Awareness feature to create granular policies for users, and groups. Hence, we can control access to applications according to our internet regulations and apply them to users/groups. With the combination, even wherever users/groups are in the organization, whenever they access, they are always under control

    How has it helped my organization?

    With Application Control, we can:

    1. Block the applications with critical risks like proxies, malicious VPN tools, hidden IPs, hotspots, et cetera.

    2. Save network bandwidth by blocking the downloading tools, P2P sharing, or limiting access to entertainment/IPTV/Social Networking (et cetera) that consume the bandwidth.

    3. Increase work productivity by only allowing access to legal destinations while blocking unnecessary accesses like gambling, games, et cetera.

    4. Control data loss risk through popular channels: Facebook upload, Instagram upload, public email services (Gmail, Yahoo, et cetera), file storage, and sharing.

    5. Limit the usage of the application flexibly (like allowing users to log in to Facebook, and chat but cannot upload data, video, et cetera).

    6. Create more granular policies.

    What is most valuable?

    We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth. The most important thing is applying internet access regulations to the firewall system is easier than ever.

    The Check Point database of Application Control is the largest library and is updated periodically.

    Application categories in the SmartConsole are very clear and easy to search.

    The application database is public in AppWiki. This helps to search the application information. This helps people that are considering what Check Point Application Control has before deciding to purchase.

    All Check Point security features can run in a single gateway or gateway cluster.

    What needs improvement?

    It is expensive. The application control is a subscription type, not a perpetual license. Thus, to use this feature year-by-year, customers must purchase a renewal.

    To use it effectively, you must turn on the HTTPS Inspection feature. Almost all the applications are running on encrypted connections. Without HTTPS Inspection, Check Point Gateway cannot detect the behaviors of the application. This leads to the gateway's CPU usage being degraded. In an environment of high connectivity growth or using multiple security features on the same appliance, having to handle more encrypted connections will be very stressful for the CPU.

    For how long have I used the solution?

    We've used the solution for more than five years.

    What do I think about the stability of the solution?

    It is very exact in application detection.

    What do I think about the scalability of the solution?

    The scalability of Application Control is based on Check Point Gateway. Check Point Gateway has ClusterXL that supports up to five appliances. With the developing Maestro technology, it's very easy to scale up on demand. Using this technology allows us to maximize hardware investment and appliance capacity.

    How are customer service and support?

    The support team is very professional.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I used Fortinet before, however, Check Point Application Control is the best. Check Point has the largest database that no other vendor can compare. Besides, the Check Point appliance is very stable.

    How was the initial setup?

    It's a bit complicated in terms of the setup if you are combining it with Identity Awareness and HTTPS Inspection.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Swapnil Talegaonkar - PeerSpot reviewer
    Technology consultant at a tech services company with 501-1,000 employees
    Real User
    Top 5Leaderboard
    Extensive application database, helps to secure our users, limits undesirable bandwidth usage
    Pros and Cons
    • "This product logs & monitors event traffic for each application, giving us better visibility."
    • "We expect applications to be updated regularly."

    What is our primary use case?

    We use Check Point in our internal network, as well as on the perimeter & we have used the Application control-blade on the internal firewall. All of our user traffic will be terminated at the internal firewall, hence we have done primary filtering of traffic on the internal firewall only.

    Basically, on the internal firewall, we are blocking all social networking sites, remote meeting applications, adult content, & torrent applications. This restriction helps us to save our bandwidth as well to ensure that users follow & maintain work ethics at the office premises.

    How has it helped my organization?

    Application control blades help us in two ways. The first is to allow specific applications, where earlier we have to find out all of the URLs needed for each application & then allow them one by one. Now, we now just find the application. The second way is to restrict the user from browsing unwanted websites.

    Together, these improved security & help to maintain discipline & focus at work.

    The application control-blade also helps us by providing visibility. We have an overview of application traffic & depending upon the content, we can decide to allow or deny the application.

    What is most valuable?

    Check Point has its own application database where more than 7,300 applications are known. I am able to see them using the smart console, along with details for each one. Each and every application has an accompanying category, some knowledge about the application, the protocol it uses, & the risk factor associate with it.

    Implementing application control is very simple & it is designed in such a way that we can introduce it with access policy. Also, to reduce complexity, we can create an altogether different layer.

    This product logs & monitors event traffic for each application, giving us better visibility. Updating the application database is very easy; we just have to schedule the update & the device will automatically fetch it on a regular schedule, such as every two hours.

    What needs improvement?

    We expect applications to be updated regularly.

    For how long have I used the solution?

    I have been using Check Point Application Control for more than three years.

    What do I think about the stability of the solution?

    This is one of the stable modules in Check Point.

    What do I think about the scalability of the solution?

    Scalability for application control in the Check Point gateways is good & does not take need much processing power.  

    How are customer service and technical support?

    Check Point TAC is always helpful, although particularly for application control, we have not yet raised any tickets. For the help that they have given us with other products, I appreciate the effort from the support team, as they always help us when we ask. 

    Which solution did I use previously and why did I switch?

    Prior to this, we used FortiGate but the Check Point database is far better.

    How was the initial setup?

    The initial setup is very simple.

    What about the implementation team?

    We completed the implementation in-house.

    What's my experience with pricing, setup cost, and licensing?

    I think application control has become a basic feature and it should be enabled automatically, without having to purchase a separate license for it. Alternatively, it should be available at a minimal cost.

    Which other solutions did I evaluate?

    We have not evaluated any other options.

    What other advice do I have?

    The only thing we expect from a Check Point is to regularly update their database with the new applications. Other than this, specific to the application control-blade, I have not seen any issues or problems.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    PeerSpot user
    Adriamcam - PeerSpot reviewer
    Consultant at ITQS
    Reseller
    Top 5Leaderboard
    Issue-free with good granularity and is easy-to-use
    Pros and Cons
    • "It also helps us implement changes very quickly and make people more focused on work."
    • "At the moment I don't see the need to add new features. That said, you always have to be one step ahead."

    What is our primary use case?

    Our use case for Check Point Application Control is to be able to filter and control all the categories of applications that we want to allow in our organization so that users have the necessary access and permissions and have security in using an application. 

    We only allow members of the organization access secure applications, another benefit is that bandwidth can be limited by restricting applications and unnecessary downloads of applications that are not for business use by controlling the access of gateway apps

    How has it helped my organization?

    Check Point Application Control has provided us as an organization with the ability to prevent users from entering web pages that are not allowed or that can lead to many vulnerabilities that could result in the loss of sensitive information.

    With this friendly, simple, and easy-to-use tool, we have been able to control all these inappropriate accesses. Most users cannot enter sites or applications that are not for work and with this, we have been able to monitor all these pages.

    It also helps us implement changes very quickly and make people more focused on work.

    What is most valuable?

    All Check Point Application Control features are very granular and important. The most important depends on the need of the company this feature is used.

    It also has flexibility where you can restrict certain areas of each page. For example, you can enter but not download or use a chat like in social networks. I can see them, however, not chat. This is a good thing as you can be flexible with your employees to have everything without access and allows us to be flexible with certain categories.

    What needs improvement?

    The tool has a number of features necessary for good business security. Nevertheless, it is always good to add several features and maintain an open and adequate performance for the machines where said software is installed since it will be able to present high performance. However, so far, Check Point Application Control satisfactorily meets the needs of a company in security. At the moment I don't see the need to add new features. That said, you always have to be one step ahead.

    For how long have I used the solution?

    This tool has been used for one year.

    What do I think about the stability of the solution?

    The solution is very stable. No problem has been presented.

    What do I think about the scalability of the solution?

    The solution provides important scalability features

    How are customer service and support?

    Since the product has worked well, we have had little interaction with Check Point's customer service.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Previously, we did not use another tool.

    How was the initial setup?

    The implementation, like all Check Point products, is very interactive and easy to install and configure.

    What about the implementation team?

    It was done with a vendor and it was very good in its work until now.

    What was our ROI?

    Our ROI is that our entire platform meets the necessary security requirements. Nothing happens in the company's infrastructure and this helps us avoid more expenses if not for having implemented a tool like this.

    What's my experience with pricing, setup cost, and licensing?

    The price is in line with the competition. They maintain an accessible and competitive price.

    Which other solutions did I evaluate?

    Options were not evaluated since our infrastructure always used Check Point.

    What other advice do I have?

    They continue to innovate. Check Point is an excellent tool in many areas.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user