Coming October 25: PeerSpot Awards will be announced! Learn more

Check Point Remote Access VPN OverviewUNIXBusinessApplication

Check Point Remote Access VPN is #3 ranked solution in top Enterprise Infrastructure VPN tools and #4 ranked solution in top Remote Access tools. PeerSpot users give Check Point Remote Access VPN an average rating of 9.0 out of 10. Check Point Remote Access VPN is most commonly compared to Fortinet FortiClient: Check Point Remote Access VPN vs Fortinet FortiClient. Check Point Remote Access VPN is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 19% of all views.
Check Point Remote Access VPN Buyer's Guide

Download the Check Point Remote Access VPN Buyer's Guide including reviews and more. Updated: September 2022

What is Check Point Remote Access VPN?

Remote secure access VPN is a solution that provides users with remote access to an organization’s network. The host may have VPN client software loaded or use a web-based client. The solution leverages security features like multi-factor authentication, endpoint scanning, and encryption of all data in motion.

Check Point Remote Access VPN provides individuals with protected and efficient access to a company network from anywhere. This strategy fosters collaboration and connectivity between distributed teams and offices.

Features of Check Point Remote Access VPN

Key features of the secure remote access VPN include:

  • Compliance Scanning

The system enforces endpoint security with endpoint compliance. It monitors and verifies the security status of each endpoint and reports back to the Security Gateway. The gateway, in turn, checks the compliance level and directs the connectivity to the right resources.

  • 3 Deployment Options

Users can deploy the Remote Access VPN in one of three ways:

  1. Integrated with an Endpoint Security solution. In this case, you get a firewall, an application control (not in macOS), the remote access VPN, and compliance features included in the package.
  2. As a Standalone Check Point Mobile for Windows. This package includes a remote access VPN and compliance features.
  3. As a Standalone Secure Remote. This tier only includes the Remote Access VPN.
  • Central Management

Remote Access VPN is centrally managed. The centralized console enables management and enforcement of policies with a single log-in.

  • Mobile Access Option

The Remote Access VPN has a web portal that users can use to connect securely to corporate applications, such as web-based resources, file-sharing, and email. Administrators can customize the web portal to match the brand identity.

  • 2 Remote Access Options

Remote Access VPN offers two choices for remote access:

  1. SSL VPN Portal: Includes the mobile access web portal, an SSL network extender, Check Point Mobile for iOS and Android, and a capsule workspace for iOS and Android.
  2. Layer 3 VPN Tunnel: Includes the endpoint security remote access VPN, Check Point Mobile for Windows, the capsule connect for iOS and Android, the VPN plugin for Windows 8.1, and the capsule VPN for Windows 10.
  • Authentication Support

The authentication features include password management, RADIUS challenge/response, CAPI software, and hardware tokens. P12 certificates, and SecurID.

  • Encryption Tunnel

The system establishes a VPN tunnel on demand. It also re-arranges connections when roaming. The tunnel can automatically tear down when the user is on the corporate LAN.

  • Connect Options

There are several connection features, such as Hotspot detection, office mode IP, split tunneling, and automatic fallback to HTTPS.

Benefits of Check Point Remote Access VPN

One of the key advantages of Remote Access VPN is that it provides remote workers with a secure way to connect to a corporate network from any device, including their personal devices. The data encryption in transit enables them to securely access the resources they need for their tasks.

It also provides IT support and technicians with a faster way to troubleshoot software issues. In the case of a ticket, IT doesn’t need to go to the server location to fix the problem but can troubleshoot it remotely.

A remote secure access VPN is also an affordable alternative for small and medium-sized businesses, without requiring expensive infrastructure.

Reviews from Real Users

A Global IT Network and Security Service Senior Specialist at a manufacturing company who uses Check Point Remote Access VPN says, "I found the MEP feature the most valuable. This has improved users' latency allowing the users to connect to the nearest Azure Check Point VM."

"Organizations that already use the Check Point NGFW Solution do not require any additional hardware, which makes the implementation straightforward and reduces the time to go live," explains Basil D., Senior Manager at a financial services firm.

Manuel B., a Voice and data infrastructure specialist at a tech services company, says that "The IPSec VPN, Mobile Access, and Identity Awareness are three of the blades with which we have been working with since the pandemic. This has given us great mobility, making our network more dynamic."



Check Point Remote Access VPN was previously known as Check Point Remote Access VPN, Check Point Endpoint Remote Access VPN.

Check Point Remote Access VPN Customers

Osmose, International Fund for Animal Welfare (IFAW)

Check Point Remote Access VPN Video

Check Point Remote Access VPN Pricing Advice

What users are saying about Check Point Remote Access VPN pricing:
"Organizations that already have the Check Point NGFW need to purchase an additional license to have access to the VPN functionality."

Check Point Remote Access VPN Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
PeerSpot user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
Enables users to easily work from home
Pros and Cons
  • "The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage."
  • "We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in there. But for Linux machines, they don't have a full client to install. It is important because we have some users that use Linux and they don't have a specific application from Check Point to use. That is something that could be improved."

What is our primary use case?

We use Check Point Remote Access VPN to provide access to employees and to the company resources, especially now that most people are working from home. That's the main use. We also use it for specific companies that give us remote support to some applications. They access our company servers and resources. We're using Remote Access VPN with a specific profile for them that only gives access to some.

We have two environments. Our firewalls and our perimeter firewalls are Check Point. The firewall connects to the internet and those firewalls are the ones that the people connect to for the Remote VPN. We have the Blade enabled and they access the company resources as if they were working at the office.

How has it helped my organization?

Remote Access VPN allows users to work from home very easily. They are very happy with the way they log in with RSA. That's why we use the Foo. It's very stable. We didn't have any issues.

Compared to Pulse Secure, Check Point saves us a couple of hours a week. It's easier to reverse when we have issues. At the moment, most of our company still uses Pulse Secure. But a year ago, we also started deploying some people on Check Point so that we have another option. If we don't want to renew with Pulse Secure the client says we can migrate everyone to Check Point as we already have some people working on the Check Point VPN. 20% of the company uses the Check Point VPN and the rest uses Pulse Secure, which is our main VPN, which is around 100 people.

What is most valuable?

The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage. 

The integration with two-factor authentication for Remote Access users is another valuable feature. In our case we use RSA.

Those two are the most valuable aspects that we have on the solution. It also gives us the possibility to securely connect to the company resources, without Check Point security measures.

Another good thing we like is that we already have all the logs from the firewall on the SmartPortal as the remote VPN also integrates into the firewall. We can see all the logs on the same tool because we also have a fully secure solution for Remote Access VPN. For full security, we need to manage the different hardware from the firewalls and the logs that are not in the same place. This is another valuable aspect of this solution. 

Having access to those logs affects our security operations because if a user calls the support but does not have access to the VPN, we can see on the same tool on the SmartPortal. If he's being blocked on the firewall policy, you can see it with the VPN profile.

If the user is using Foo, we need to go to the Check Point firewall to see the Check Point firewall log on the perimeter firewall, to see if the user is crossing the firewall to get the Foo. Then we need to go to the supplier to see that the logs are there. So we need to go to two places.

What needs improvement?

We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in there. But for Linux machines, they don't have a full client to install. It is important because we have some users that use Linux and they don't have a specific application from Check Point to use. That is something that could be improved. 

Buyer's Guide
Check Point Remote Access VPN
September 2022
Learn what your peers think about Check Point Remote Access VPN. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
632,539 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Check Point Remote Access VPN for around one year. 

What do I think about the stability of the solution?

We don't have any stability issues.

What do I think about the scalability of the solution?

It is very scalable in a way that we can share the configuration for Remote VPN amongst our perimeter firewall so we can implement the Remote VPN with the same profiles and the same configuration easily on all of them. It's very scalable.

We are still studying the possibility of migrating everyone to Check Point VPN, but a decision has to be made because we still have a lot of people using Pulse Secure.

How are customer service and support?

We haven't used technical support specifically for Remote Access VPN. We use it for other products, but not for this one. In general, their support is good, especially if you work with the Israel team. Because of the time zones, we try to call when they are available. The support is usually in. The other ones are also good but in most cases, the Israel team is better.

Which solution did I use previously and why did I switch?

Our team finds that Pulse Security is a bit difficult to configure. It's not very straightforward. We are used to it now. Management is easier on Check Point. Our managers wanted us to have to study some alternatives to Pulse Secure so that if the price was too high, or if we wanted to move to another solution, we would already have an idea about other solutions. We chose Check Point as we already had the firewall. It has worked well until now. We already have some people using the Check Point VPN and we are ready to move everyone. 

Pulse Secure was more difficult because of all the things that you need to for the setup. You need to do four or five things to set up a profile and some of them don't make any sense. It's difficult for a person that's never used Pulse to understand the philosophy of the configuration and to create different profiles. It's not very straightforward.

How was the initial setup?

The initial setup was straightforward, especially because we already have the firewall implemented. So we only needed to enable the features and do some configurations, which were not hard to do. They were really fit. 

It took two days. We did our own thing. The implementation strategy was to first have only two or three users from the IT team to test it. Then we allowed it to extend to some teams.

What about the implementation team?

Two team members did the deployment. 

We require three full-time network security engineers for maintenance. We manage all the solutions on the security side of our company. Specifically Remote Access VPN requires three hours of maintenance a week.

What was our ROI?

The return on investment is that we have a stable VPN solution to provide our employees, which is very important. Especially now with the virus, we have more than 50% of people working from home and using the VPN solutions. Our return on investment is the ability to allow people to work remotely in a secure way and a stable VPN.

What's my experience with pricing, setup cost, and licensing?

As far as I'm aware, Check Point is on the same line of pricing with Pulse at the moment. It's not any different. It is in line with the competition. There are no additional costs that I'm aware of. 

What other advice do I have?

It's not hard to deploy the solution. Remote Access VPN is easier to deploy than some other solutions like Pulse Secure.

If you already have a Check Point firewall, this remote solution is a win-win because you don't need to buy, manage, or do a hardware refresh when you enter the end of life. You will have centralized logs on the same tools. If you have a Check Point firewall, this solution is the best for you.

I would rate Check Point Remote Access VPN a nine out of ten. 

It works very well. I would say it's almost the perfect solution. As far as I'm aware, it's one of the oldest solutions from Check Point. So it's very, very stable. They have a lot of years of working with it.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Alex Tremblay - PeerSpot reviewer
Cyber Security Manager at H2O Power
Real User
Top 20
Scalable with a unified platform and good integration
Pros and Cons
  • "The solution has been solid for me for over five years."
  • "The ability to allow split-tunneling while still following our corporate policy needs to be on the table."

What is our primary use case?

In our environment, we have many users working remotely. It's important to control the flow of traffic coming and going to these remote employees, and isolate traffic when used for business purposes. We have to allow our remote users to access services from home as though they were in the office. However, at the same time, we need to control that traffic and make sure it conforms to our policy. Our environment is complex and requires advanced policies to look at traffic in very unique ways from different users. Check Point's policy management has allowed us to do that.

How has it helped my organization?

At the beginning of the pandemic, everyone rushed to get their employees working from home. Luckily for us, we already had a strong structure around how remote access would work and had it set up for many employees. 

With the groundwork in place, the transition to remote work was made easy by simply adjusting the policy (configuration). In part, this is because we were already prepared for a remote workforce, and that preparation came from within our organization, however, if it weren't for Check Point enabling us to adjust rapidly, then it would not have been an easy transition.

What is most valuable?

The unified platform view is great. Being able to manage NGFW alongside our Remote Access Policies allows us to control traffic in one way. Be it if our users are at home or in the office the same policy applies to them allowing us to have one corporate view on the traffic within our organization.

Being able to integrate the policy with things like Active Directory groups, Azure cloud objects, RADIUS integration, and load balancing capabilities is wonderful. All of these things are built into their NGFW policy which we leverage to implement on our Remote Access policy.

What needs improvement?

The ability to allow split-tunneling while still following our corporate policy needs to be on the table. Right now, in order to allow the same policy to apply, the users' traffic must be routed up to our NGFW before going out to the internet. Having a method to apply the same policy to the client for outbound traffic while connected to the VPN would be huge.

Some things like the compliance aspect of the VPN Client can be updated to bring it a little more modern. It's very useful for checking things like Windows Updates levels before connecting, however, it could use a facelift since it's still quite old-looking.

For how long have I used the solution?

I've been managing Check Point's Remote Access VPN for five years at my current employment, and had used it before at a previous employer.

What do I think about the stability of the solution?

The solution has been solid for me for over five years.

What do I think about the scalability of the solution?

I get the impression this could scale up to whatever you need. Scaling issues might only be moving to clustered resources and setting up load balancing on gateways. Once you get big enough you should be able to scale up to your needs.

How are customer service and support?

Support has been great 98% of the time. There's always one bad experience, yet, overall I wouldn't rate them based on that. If they need to get their experts online to help solve a problem, they have plenty and are willing to work through really deep subjects. I never worry with their support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

At our organization, we did not use another solution before this. That said, I have used other products in the past. It's been many years, so I'm sure those other vendors have had time to update their products too, however, since I've been managing Remote Access with Check Point, I've always been really impressed.

How was the initial setup?

Setting up the VPN Clients is simple once you've already got the gateway in place. If you have to setup the Gateway, it will take a bit of knowledge and expertise.

What about the implementation team?

Our in-house team set it up. That said, I have been working with network devices for a long time.

What was our ROI?

ROI on the VPN User license itself returns within a couple of months of you using it. However, if you have to make the investment into buying gateways for the product, then the ROI could be one year (if your whole organization is working from home), or up to three years if you barely use it.

What's my experience with pricing, setup cost, and licensing?

You need to be an NGFW customer already. Otherwise, you'll need to purchase the gateways in order to terminate the VPN. That much should be obvious to anyone. Once you have the gateway in place, there is a VPN User license you need to purchase, however, it is very minimal in cost compared to other infrastructure.

Which other solutions did I evaluate?

We inherited the Check Point when we took over. Then, when the topic of remote access came up, it made sense to use what we had and just buy additional licensing rather than buy a whole new product.

What other advice do I have?

Check Point products are typically not cheap, however, I've found it's often due to the fact that you can do a lot with it. 

I recommend Check Point products to anyone who is going to have the time and expertise to administer them. You're going to be able to do what you want to do, engineer a design that works for you. If you want to just plug it in and forget about it, then this might not be the product for you. That said, for those who do just want to plug something in and forget about it, I warn you to be cautious. When it comes to Remote Access, you don't want to ignore this. You want to be looking at it and you want to monitor it, otherwise attackers will take advantage of that weakness. This is where Check Point allows you to monitor the edge, while granularly controlling it.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point Remote Access VPN
September 2022
Learn what your peers think about Check Point Remote Access VPN. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
632,539 professionals have used our research since 2012.
Global IT Network and Security Service Senior Specialist at a manufacturing company with 1,001-5,000 employees
Real User
Top 20
Reasonably priced and scalable but you need to use the CLI for a lot of configurations
Pros and Cons
  • "I found the MEP feature the most valuable. This has improved users' latency allowing the users to connect to the nearest Azure Check Point VM."
  • "You have no ability to reserve a total number of licenses. The VPN user licenses are assigned per gateway, and if you enable MEP function is not so easy to size the gateway licenses."

What is our primary use case?

We've used Check Point VPN to move from an on-premise VPN Cisco product to a VPN built on the cloud. We decided to use Check Point as it was fully integrated with Microsoft Azure and present on the Azure marketplace. We deployed this solution on different subscriptions and used the MEP function to reduce users' latency on the VPN. The implementation has not been very easy, and the implementation of MEP has taken months. There were a lot of hotfixes to install, and the CLI configuration on the files had to be done. The configuration, in fact, can't be implemented using a GUI.

How has it helped my organization?

The solution has allowed us to remove the on-premise VPN solution and to remove firewalls from the data center. The solution implemented on the cloud allows us to easily scale in cases of increased users - such as during the pandemic, where all users had been moved to Smart working and to a VPN. In fact, in February of 2020, when we closed all of our offices and gave all users the possibility to work from home, we had licenses and CPU problems on-prem. The Check Point solution offered us an unlimited number of users and that made the solution very scalable.

What is most valuable?

I found the MEP feature the most valuable. This has improved users' latency allowing the users to connect to the nearest Azure Check Point VM. 

The Multiple Entry Point (MEP) is a feature that provides high availability and load sharing solution for VPN connections. A security gateway on which the VPN module is installed provides a single point of entry to the internal network. It is the security gateway that makes the internal network "available" to remote machines. If a security gateway should become unavailable, the internal network is no longer available as well. An MEP environment has two or more security gateways to both protect and enable access to the same VPN domain, providing peer security gateways with uninterrupted access.

What needs improvement?

The main problem with Check Point is that some configuration can be done with the smart console in GUI, however, some others need to connect to the firewall via the CLI on SSH and therefore you will need to modify the local file on the firewall with VI. 

ASA is so easy to reserve some static IPs based on users, however, in Check Point, it is really difficult to do so. In addition, you can't reserve as static some IP that you are assigned dynamically to a local pool. 

You have no ability to reserve a total number of licenses. The VPN user licenses are assigned per gateway, and if you enable the MEP function is not so easy to size the gateway licenses. 

The configurations that you do to modify local files are not reflected in the GUI via the smart console. 

For how long have I used the solution?

We have been using this solution since 2020.

What do I think about the stability of the solution?

The solution isn't really stable. Maybe the last versions of R80.40 and R81 were more stable, however, the upgrade (if you have another old version) is really difficult and you have to rebuild the solution (if you are on Azure cloud).

What do I think about the scalability of the solution?

The solution is really scalable. You have to know that if you want to scale the solution you will have to configure and rebuild an SMS server with high CPU/memory resources, however.

How are customer service and technical support?

Unluckily the experience with support, especially in India, is really poor. It's best if you open a case using the Israeli team as that one is better.

Which solution did I use previously and why did I switch?

Yes, we were using CIsco ASA on-premises. We switched because we were moving our data center infrastructure onto the cloud.

How was the initial setup?

At first, the implementation was not easy to set up. We found many bugs and we had to install different hotfixes and upgrade the version more than one time.

What about the implementation team?

We implemented the solution via a hybrid approach. Check Point professional service is really good, however, our third-party implementation team was not very good.

What was our ROI?

At the moment, we have not reached the ROI point.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to pay attention to the sizing of the solution. There is not an intermediate number of licenses. It's very easy to go to unlimited users licenses.

Which other solutions did I evaluate?

We have gone with the Check Point solution due to its cheap price. Other options we considered were Palo Alto with Global Protect, Zscaler with ZPA, and Cisco Firepower implemented on Cloud.

What other advice do I have?

I suggest that if you want to implement this Check Point solution you should have good knowledge of the system as well as a system integrator or direct contacts in Check Point. In case of any issue, the support is poor and it's not easy to solve issues using technical support. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Basil Dange - PeerSpot reviewer
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
Supports multifactor authentication and clientless login, but the GUI should be more user-friendly
Pros and Cons
  • "Organizations that already use the Check Point NGFW Solution do not require any additional hardware, which makes the implementation straightforward and reduces the time to go live."
  • "The fully-featured security module is only supported on Windows and Mac systems, which means that organizations with Linux will face issues providing secure access."

What is our primary use case?

We use Check Point Remote Access VPN to provide access to our corporate network and resources to remote users in a secure way. Users have access that is limited or defined by the server.

Access is granted for identified devices post-posture validation. 

Access should be provided via VPN using multifactor authentication other than username/credentials. Users are able to connect from anywhere at anytime using both mechanisms (i.e. User VPN client or browser). 

This solution mitigates or minimizes data leakage issues.

It is stable and scalable and requires minimal management and access provisioning.

How has it helped my organization?

This solution has improved our organization by providing access to corporate resources in a secure fashion. It uses complete end-to-end encryption from the end-user machine to the VPN device.

Access policies are created on the firewall for restricting access to resources and applications based on the user profile/policy.

Our security gateway is integrated with Active Directory and access to resources/applications is provided based on the security group created in Active directory.

This product has inbuild/native integration with MFA solutions.  

It does not require any additional hardware in cases where the organization already has the Check Point NGFW. The mobile access blade and remote access VPN can be enabled on the same security gateway. Check Point provides a common dashboard and management console used in conjunction with the NGFW.

Multiple access can be provided using multiple realms, based on the user ID or security group, and access can be provided accordingly. Each realm will have a pool of IP addresses for which access will be provisioned on the firewall.

What is most valuable?

Organizations that already use the Check Point NGFW Solution do not require any additional hardware, which makes the implementation straightforward and reduces the time to go live. The only requirement is to purchase an additional license from Check Point, and then enable the mobile access blade. After this, the solution is ready to roll out and provide access based on the configured policy. 

Access is restricted based on user ID, security group, and device type. 

Access is provisioned post-posture policy validation and it offers protection against users connecting to the corporate network from non-corporate devices, which minimizes data leakage possibilities. 

Access is available from browsers or VPN clients using MFA. This is helpful in cases where the machine does not have the client installed or the client is corrupted.

We are able to restrict access based on geo-location and device type. Devices can be Android, iOS, Windows, or Linux.

It provides threat prevention capabilities while uses connect via VPN for Windows devices.

What needs improvement?

Access is provisioned based on a single L3 tunnel being established between the endpoint and the VPN device. If an attacker gains access to this session then all of the tunnel traffic is compromised. It needs to move to next-generation style access, provisioning such as per-app VPN.

The GUI interface for configuring the SSL VPN is not user-friendly and requires expertise. 

Devices are exposed over the internet and it can lead to a security threat.

When a critical patch needs to be applied to the VPN, downtime is required for the entire NGFW. This can impact the business when it has a single security gateway.

This product cannot manage sudden user growth, as each security gateway has limitations in terms of performance and throughput.

The fully-featured security module is only supported on Windows and Mac systems, which means that organizations with Linux will face issues providing secure access. Specifically, modules such as Threat prevention, Access control, and Incident analysis are supported only on Windows and Mac.

What do I think about the stability of the solution?

It's very stable in terms of downtime, although it required updates.

What do I think about the scalability of the solution?

The solution can be easily scaled by adding a security gateway.

How are customer service and technical support?

The Check Point technical support is excellent.

Which solution did I use previously and why did I switch?

We used Aventail SonicWALL as a standalone product. We switched because it was expensive in terms of management and maintenance. As we already had Check Point NGFW, it was easy to enable the VPN on the same device.

How was the initial setup?

Enabling the VPN was simple and straightforward with the purchase of an additional license from the OEM. Once we acquired the license, it involved enabling the module on the security gateway. The solution was ready to go live within 10-15 minutes.

What about the implementation team?

The implementation was completed by our in-house team with the assistance of the OEM.

What's my experience with pricing, setup cost, and licensing?

Organizations that already have the Check Point NGFW need to purchase an additional license to have access to the VPN functionality.

Which other solutions did I evaluate?

We evaluated Pulse and Citrix before choosing this option. 

What other advice do I have?

Traditional VPNs that work on L3 or L4, with a single VPN tunnel, are typically hosted on-premises. As organizations are adopting cloud computing, it makes sense to have a VPN solution hosted on the cloud for better control and security.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Technical Manager at M.Tech
User
Top 5
Flexible authentification, good integration, and helpful compliance capabilities
Pros and Cons
  • "Setting policies allow, block, and limit users' access."
  • "Compliance Check on Check Point should be improved by having more configurable conditions to support multi-platforms and adding more granularity."

What is our primary use case?

Check Point Remote Access VPN allows organization users to work remotely. Especially in the pandemic period, work-from-home demand has been higher than ever. 

I have a remarkable case about the solution. That is for a bank. They want to have remote access VPNs that can provide connections for internal users who work remotely, partners who have restricted connections to the bank environment and ATM machines that connect to core banking applications. All VPNs acted in the same internet connections but still ensure these three VPNs were separated from each other. For the requirements, deploying the VPN in VSX appliances helped to solve issues. I created three virtual instances: one for corporate users, one for partners and one for ATM machines. 

Applying security policies for three instances is different. Corporate users must pass two-factor authentication layers and then have access to common corporate services (like email, and chat) and the right business applications depending on their working role, and their department. Partners after authenticating successfully only have limited access to the right place that they are allowed while being unable to connect to other places. 

ATM machines that act 24/7 need to have continuous connections, thus, they must authenticate using a certificate and their VPN clients must be configured to re-authenticate automatically after a timeout.

How has it helped my organization?

Check Point Remote Access VPN supports almost all common devices, from Windows to macOS, and from Android to iOS. Connection methods are flexible, including browsers and VPN clients. 

With such an approach, the solution can solve every remote working problem from anywhere, on any device while maintaining security features. The solution allows us to integrate with external systems like directory servers, email servers, and RADIUS servers for using directory users (a unified user instead must remember many usernames and passwords), adding multi-factor authentication via an OTP certificate. VPN users will have controlled access based on who they are and where they are by security policies. 

What is most valuable?

The solution offers flexible authentication methods to control access by policies and compliance. 

Check Point can integrate with external systems and third-party solutions to provide multi-layer authentications. This helps secure the user accounts from leakage of passwords and also protects corporate from unauthorized access damage risks. 

Security policies help to convert access regulations to policy rule configurations after authenticating. Setting policies allow, block, and limit users' access. 

With the compliance feature, Check Point can define what conditions user machines should have to authenticate the VPN. This feature helps to add more security to the network.

What needs improvement?

Endpoint Security on Demand, or Compliance Check is a good feature. It allows the creation of compliance policies and adds more security to the network. Machines will be scanned once they connect to VPN to make sure all of them are compliant. Conditions to configure compliance checks are Windows security (hotfixes, patches), Anti-Spyware, Anti-Virus software, personal firewall, or Custom (application, files, registry). These are not enough in a complicated environment. Almost of them are supported for Windows machines, however, are just limited conditions for non-Windows. In fact, using mobile devices on Android, iOS, macOS, and Linux is very popular. Compliance Check on Check Point should be improved by having more configurable conditions to support multi-platforms and adding more granularity. 

Besides compliance scanning sometimes causes consumes machine resources. 

I also suggest scanning operations will consume fewer resources and increase speed time.

For how long have I used the solution?

I've been using the solution for more than five years.

What do I think about the stability of the solution?

As mentioned in my use case, the solution is running for thousands of corporate users, partner users, and ATM machines. The performance is very impressive. 

What do I think about the scalability of the solution?

With Check Point VSX, the virtual instance extension is just an additional license, thus, it's very easy to add VS for other purposes. Besides Check Point also developed Maestro technology to allow hyperscale, increase throughput, and maximize capacity.

How are customer service and support?

The Check Point Support Team is very professional and has technical expertise. The team is online 24/7 to make sure their customers always be supported. Response time to the customer is quick enough when they provide a solution to fix the issues or when they need some time to investigate or when they need some time to investigate they stay up to date.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I had used Fortinet Remote Access VPN before. At that time, other security features like Firewall, IPS, Application Control, and URL Filtering had been added to the same box running Remote Access VPN. The Fortinet appliance was overloaded all the time - although specifications in the datasheet could be OK. After changing to Check Point (using Remote Access VPN with other security features), the performance was amazing. CPU and memory usages were always at an average level.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
SaifKhan1 - PeerSpot reviewer
Network Security Engineer at a consumer goods company with 201-500 employees
Real User
Top 5Leaderboard
Easy to download, set up, and configure
Pros and Cons
  • "The solution offers high scalability as far as adding more users."
  • "This is the best version we are using, however, if some changes can be made in the next release, I'd like to see adjustments to the time period and internet connectivity."

What is our primary use case?

With this solution, we can:

1) Securely and privately access our data from anywhere with the Check Point VPN. 

2) Connect securely from any device and any asset.

3) Have 2FA enabled while connecting to the VPN in an official mail. If any person has your VPN credential, he can initiate contact for security codes to connect to the VPN.

4) Integrate our data.

5) View VPN events from the console.

6) Easily install and connect the VPN. 

7) Provide colleagues with secure and seamless remote access to the corporate network.

8) Get a full picture with complete network visibility.

How has it helped my organization?

The product has improved the organization by:

1) Deploying high performance. Check Point's private VPN gateways can secure our colleagues/teams working remotely with dedicated IPs and provides private resource access. It empowers our personnel to connect with relevant access permissions to access corporate resources.

2) Ensure a user of our organization aligns with traffic privacy with one of many tunneling protocols so that all transmitted data is completely encrypted. The level of security provided by Check Point ensures that only authorized connections are established, so if users are connected, they are protected.

What is most valuable?

The solution's most valuable aspects include:

1) Ease of install and ease of use.

2) 2FA Security.

3) Seamless access.

4) Integration with our data.

5) The ability to view VPN events from the console.

6) The ability to manage all our devices from one platform and easily secure and segment their access to resources. 

7) Providing authorized least privileged access for all devices.

8) The ability for our entire global organization to work more securely and to allow us to deploy private and dedicated networks in more than one location.

9) The level of security provided by Check Point. It ensures that only authorized connections are established, so if users are connected, then they are protected.

What needs improvement?

This is the best version we are using, however, if some changes can be made in the next release, I'd like to see adjustments to the time period and internet connectivity. 

For example, when my internet is not working properly, then the VPN disconnects all of sudden and if I want to connect again, I need to do so with credentials and 2FA. In the next release, if the product could program in a hold time then disconnect the VPN due to the internet's fluctuation, that would be ideal as it would improve the way we can monitor our network visibility.

For how long have I used the solution?

I've been using Check Point Remote access VPN from a Client perspective for eight months.

What do I think about the stability of the solution?

It is perfectly stable as far as the VPN is concerned because when I used the older version(R.77) of checkpoint Remote VPN then that time there was points of stablility concern but after the upgradation checkpoint VPN(R.80) perfectly worked on stability part and now it is stable for windows and MAC OS.

What do I think about the scalability of the solution?

The solution offers high scalability as far as adding more users. I don't see that as being an issue.

We have 330-350 users in our company who are using the Check Point VPN.

How are customer service and support?

Technical support is good and helpful when needed. Whenever I was stuck, I was able to get a solution. This was provided by the Check Point TAC support and services team and they were helpful.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Forticlient VPN also. However, the Forticlient VPN had no visibility on traffic and we required better security for our organization.

How was the initial setup?

The product is easy to download, set up, and configure. The official site documentation is pretty good and helps you to understand the process in order to get the VPN connected.

What about the implementation team?

I implemented it myself both in-house as well as for our client.

What's my experience with pricing, setup cost, and licensing?

In terms of the cost:

1) It's easy to set up and download from the official Check Point site.

2) It's easy to connect the VPN by putting in the gateway address, credentials, and the 2FA. 

3) I don't know about exact pricing as it's not a part of my job. I'm a technical person. Our sales team knows all the pricing and licensing details.

Which other solutions did I evaluate?

I did not really look at other options. My first experience was with Forticlient, however, I wanted more security so I chose the Check Point VPN solution and I'm happy with using it. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Vice President, Technology for the Americas at Engel & Völkers Development GmbH
Real User
Top 10
Great scalability, good technical support, and integrates extremely well with the Check Point firewall
Pros and Cons
  • "The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware."
  • "For Linux machines, they don't have a full client to install. For the users that utilize Linux, there needs to be an equivalent."

What is our primary use case?

We use Check Point Remote Access VPN to provide access to employees, vendors, and advisors. They access the company resources - especially now that most people are working from home over the course of the last year. We also use it for specific companies that give us remote support to some applications, such as our parent company. Our admins access our company servers and resources. We're using Remote Access VPN with specific profiles for them that only give access to some resources.

We have three distinct environments. Server, DMZ, and User/SHOP. The firewall connects to the internet and those firewalls are the ones that the people connect to for the Remote VPN. We have the Blade enabled and they access the company resources as if they were working at the office.

How has it helped my organization?

The headache of connecting has been removed. It's very stable and we don't have any issues with it connecting. We have a large majority of people that were using nothing and always coming to the office. However, since the last year, we have a whopping 75% of users that have switched to using Check Point Remote Access VPN. The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage.

What is most valuable?

The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage. 

The integration with two-factor authentication for remote access users is another valuable feature. In our case we use RSA.

Those two are the most valuable aspects that we have on the solution. It also gives us the possibility to securely connect to the company resources, without Check Point security measures.

Another great thing is that we already have all the logs from the firewall on the SmartPortal as the remote VPN also integrates into the firewall. We can see all the logs on the same tool because we also have a fully secure solution for Remote Access VPN. For full operational security, we need to manage the different hardware from the firewalls and the logs that are not in the same place. This is another valuable aspect of this solution.

Having access to those logs affects our security operations because if a user calls the support but does not have access to the VPN, we can see on the same tool on the SmartPortal and troublshoot. 

What needs improvement?

We don't have any specific complaints. We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in right from the software itself. For Linux machines, they don't have a full client to install. For the users that utilize Linux, there needs to be an equivalent. The documentation of the software needs to be more accessible. If an end-user wants to have access to customized training from the company, that should be able to be built-in. I would add that feature. 

For how long have I used the solution?

I've been using the solution for around 1.5 years.

What do I think about the stability of the solution?

The stability is good. It's a never-fail.

What do I think about the scalability of the solution?

The scalability is great. We deploy to 5000+ users.

How are customer service and technical support?

It's second to none but we haven't needed it a lot. 

Which solution did I use previously and why did I switch?

We used to use Fortinet. We switched because it was hard to deploy. 

How was the initial setup?

Just pull the trigger on a 3rd party. Not complex at all. 

What about the implementation team?

We used both a vendor and in-house talent. 

What was our ROI?

The ROI was instant and around 54%.

What's my experience with pricing, setup cost, and licensing?

Go with a third party and get it set up correctly. It may be costly but it's worth it. 

Which other solutions did I evaluate?

We didn't evaluate anything else. I knew a vendor and had used the software before. 

What other advice do I have?

Get this software installed as soon as possible. It's a smart move. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Adriamcam - PeerSpot reviewer
Consultant at ITQS
Reseller
Top 5Leaderboard
Provides safe connection, good security, and remote access
Pros and Cons
  • "The solution implemented in the cloud allows us to easily scale in cases of user increase."
  • "Sometimes it causes the consumption of machine resources, and also improves the scanning since they consume many resources in the clients' machines."

What is our primary use case?

The company needs a tool that will provide users with the ability to connect from external addresses and that is where Check Point Endpoint Remote Access VPN services were contracted, which allows users to connect to our firewall. We also have Check Point firewalls in the cloud, to which people can also connect. They can then access the resources in our on-premises environment that they need to access, such as their computers, the Intranet, Salesforce, or our production applications, and have a 100% secure connection.

How has it helped my organization?

Check Point Remote Access VPN has helped us that our users and providers can connect to our network in a safe and efficient way, with the pandemic most of our collaborators worked from home with this tool we were able to solve those connections and maintain the security of the company through policies and rules and managed to make everyone connect in an easy way, the solution has allowed us to eliminate the local VPN solution and eliminate the firewalls of the data center. The solution implemented in the cloud allows us to easily scale in cases of user increase

What is most valuable?

Check Point Remote Access VPN has helped us in that our users and providers can connect to our network in a safe and efficient way. With the pandemic, most of our collaborators worked from home with this tool we were able to solve those connections and maintain the security of the company through policies and rules and managed to make everyone connect in an easy way. The solution has allowed us to eliminate the local VPN solution and eliminate the firewalls of the data center. The solution implemented in the cloud allows us to easily scale in cases of user increase

What needs improvement?

One of the parts where the improvement of Check Point Remote Access VPN can be forced is in the compliance analysis. Sometimes it causes the consumption of machine resources, and also improves the scanning since they consume many resources in the clients' machines.

Another point to improve is to program a timeout if the VPN is disconnected due to an internet problem. One complication that we found is that the Linux machines do not have a complete client to do the installation and that has not delayed a bit with our users who use this type of operating system

For how long have I used the solution?

This solution has been used for approximately two years in the company.

What do I think about the stability of the solution?

It's very stable in terms of downtime. The performance is very impressive.

What do I think about the scalability of the solution?

The solution can be easily scaled by adding a security gateway and general security and is very robust.

How are customer service and support?

On some occasions, we have had problems. Sometimes it takes a long time to resolve a case while on other occasions they resolve very quickly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

There was no type of tool that would supply these qualities.

How was the initial setup?

The configuration was very simple. The application is a very user-friendly tool apart from training and courses for implementation.

What about the implementation team?

A Check Point engineer who had a lot of experience in his work helped us with the implementation.

What was our ROI?

Mainly, it offers stability and detects behaviors, and gives users (and administrators) a level of trust as they go about their daily work. It introduces a lot of granularity to our policies.

Another feature that has been helpful is the sandbox feature. Many companies offer this type of thing now, however, Check Point has been offering it for quite some time.

What's my experience with pricing, setup cost, and licensing?

Check Point manages to provide good cost in its products and it is worth making the investment since this solution can prevent a collapse in the organization.

Which other solutions did I evaluate?

Check Point was always our first option with this type of solution since many security teams are from Check Point.

What other advice do I have?

One of the main aspects of importance in a company is the security of the computer platforms. When making an investment with these tools you are taking care of an important patrimony that will double your profits.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Check Point Remote Access VPN Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022
Buyer's Guide
Download our free Check Point Remote Access VPN Report and get advice and tips from experienced pros sharing their opinions.