Check Point Remote Access VPN Reviews

The solution is primarily used for secure access for remote users. It's deployed as a SaaS over the cloud. 

The solution offers great security features, including zero-day protection, malware protection, anti-phishing, et cetera.

If you are new to deploying the solution, the initial setup might be difficult the first time around. I had trouble setting the policies and then resetting the device. 

I joined my company eight or nine months ago and have been dealing with the solution since then.

I don't have much information on the stability aspect of the product. I haven't spoken to customers about their experience. 

I haven't discussed scalability with customers to get their take on how easy it is. 

We haven't referred to the technical support of Check Point just yet. We did have a replacement engineer assist us in deployment, and they handled it quite well. 

Positive

There was complexity in the initial setup. With one client, once we installed it and then tried to set the policies, the firewall was not responding very well. I was doing it for the first time, so we were unable to do it. The customer was not pleased with that, so we had to send another engineer to deploy that device. That's not to say it's overly hard - it was just my first attempt at an installation.

We had three engineers handling the initial setup. We deployed it over two days. 

I'm hoping that the next time I'm deploying it, it should be done perfectly, without any support from any other engineer.

We do the implementation for our clients. 

I'm not aware of the exact licensing costs associated with the product. 

We are in the business of selling firewalls. We're resellers and Check Point partners. 

I personally have sold just the Check Point solution to only one customer. We are also selling data storage solutions, data backup, and cyber security solutions.

We are dealing with the latest version of the solution.

The solution is available both on-premises and in the cloud. 

I'd rate the solution nine out of ten. I'd recommend it to other users and companies. 

Check Point Remote Access VPN is used to allow our employees to use the corporate resources or remote access to the corporation and lightweight on resources.

The most important feature of Check Point Remote Access VPN is the multiple factor authentication.

Sometimes we have some small problems with Check Point Remote Access VPN. For example, problems with authentication.

I have been using Check Point Remote Access VPN for approximately three years.

We have approximately 1,000 users using this solution. We do not have plans to increase usage at this time.

The initial setup of Check Point Remote Access VPN is simple. The deployment took us approximately two weeks.

Check Point Remote Access VPN is not expensive and the cost is annual.

I rate Check Point Remote Access VPN a nine out of ten.

Check Point Remote Access VPN allows organization users to work remotely. Especially in the pandemic period, work-from-home demand has been higher than ever. 

I have a remarkable case about the solution. That is for a bank. They want to have remote access VPNs that can provide connections for internal users who work remotely, partners who have restricted connections to the bank environment and ATM machines that connect to core banking applications. All VPNs acted in the same internet connections but still ensure these three VPNs were separated from each other. For the requirements, deploying the VPN in VSX appliances helped to solve issues. I created three virtual instances: one for corporate users, one for partners and one for ATM machines. 

Applying security policies for three instances is different. Corporate users must pass two-factor authentication layers and then have access to common corporate services (like email, and chat) and the right business applications depending on their working role, and their department. Partners after authenticating successfully only have limited access to the right place that they are allowed while being unable to connect to other places. 

ATM machines that act 24/7 need to have continuous connections, thus, they must authenticate using a certificate and their VPN clients must be configured to re-authenticate automatically after a timeout.

Check Point Remote Access VPN supports almost all common devices, from Windows to macOS, and from Android to iOS. Connection methods are flexible, including browsers and VPN clients. 

With such an approach, the solution can solve every remote working problem from anywhere, on any device while maintaining security features. The solution allows us to integrate with external systems like directory servers, email servers, and RADIUS servers for using directory users (a unified user instead must remember many usernames and passwords), adding multi-factor authentication via an OTP certificate. VPN users will have controlled access based on who they are and where they are by security policies. 

The solution offers flexible authentication methods to control access by policies and compliance. 

Check Point can integrate with external systems and third-party solutions to provide multi-layer authentications. This helps secure the user accounts from leakage of passwords and also protects corporate from unauthorized access damage risks. 

Security policies help to convert access regulations to policy rule configurations after authenticating. Setting policies allow, block, and limit users' access. 

With the compliance feature, Check Point can define what conditions user machines should have to authenticate the VPN. This feature helps to add more security to the network.

Endpoint Security on Demand, or Compliance Check is a good feature. It allows the creation of compliance policies and adds more security to the network. Machines will be scanned once they connect to VPN to make sure all of them are compliant. Conditions to configure compliance checks are Windows security (hotfixes, patches), Anti-Spyware, Anti-Virus software, personal firewall, or Custom (application, files, registry). These are not enough in a complicated environment. Almost of them are supported for Windows machines, however, are just limited conditions for non-Windows. In fact, using mobile devices on Android, iOS, macOS, and Linux is very popular. Compliance Check on Check Point should be improved by having more configurable conditions to support multi-platforms and adding more granularity. 

Besides compliance scanning sometimes causes consumes machine resources. 

I also suggest scanning operations will consume fewer resources and increase speed time.

I've been using the solution for more than five years.

As mentioned in my use case, the solution is running for thousands of corporate users, partner users, and ATM machines. The performance is very impressive. 

With Check Point VSX, the virtual instance extension is just an additional license, thus, it's very easy to add VS for other purposes. Besides Check Point also developed Maestro technology to allow hyperscale, increase throughput, and maximize capacity.

The Check Point Support Team is very professional and has technical expertise. The team is online 24/7 to make sure their customers always be supported. Response time to the customer is quick enough when they provide a solution to fix the issues or when they need some time to investigate or when they need some time to investigate they stay up to date.

Positive

I had used Fortinet Remote Access VPN before. At that time, other security features like Firewall, IPS, Application Control, and URL Filtering had been added to the same box running Remote Access VPN. The Fortinet appliance was overloaded all the time - although specifications in the datasheet could be OK. After changing to Check Point (using Remote Access VPN with other security features), the performance was amazing. CPU and memory usages were always at an average level.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

In addition, there are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

We user the Check Point Remote Access VPN to provide access for our employees to connect to the specified environments.

We use the Check Point Endpoint Remote Access VPN client to allow our remote employees to connect to our company's offices in a secure and reliable way.

We use the clients for Windows and macOS, with the current software version E82.30. The Endpoint Remote Access VPN clients are fully compatible with the Check Point NGFWs Mobile Access VPN blade, and there are no problems connecting to it.

The clients have additional functions, like Firewall and Compliance blades, which we consider as a strong benefit for using the pure clients.

Several remote sites are supported in the client configuration, which allows us to have the redundancy for the case when one of the Offices becomes unavailable due to ISP problems.

1. It is easy to install the Endpoint Remote Access VPN client to different platforms. Within the company, we use it for Windows and macOS.
   
2. Built-in, centrally-managed Firewall blade, which allows filtering traffic on the client-side.
3. Built-in, centrally-managed Compliance blade. We check the client OS on the presence of the latest security updates and that the corporate antivirus software is up and running, and do not allow the client to connect to the office site in the case where these rules are not satisfied. That prevents the infected computers from connecting to the company's location and spreading the threats.
4. Stable VPN connection.

1. The Compliance software blade is available only for the Windows operating systems family, so no macOS security checks are implemented and performed. This is valid for at least software version E82.30, which we currently use.
2. In addition, there is no full client of the Check Point Remote Access VPN available for the Linux operating systems families. That is important since some of our administrators prefer to use this OS even on their home PCs. We hope that Check Point would develop a client for Linux in the future.

I have been using the Check Point Remote Access VPN for about two years.

The Check Point Remote Access VPN clients are stable on both Windows and macOS.

The Gateway side part of the software scales well.

We have had several support cases opened, but none of them were connected with the Check Point Remote Access VPN. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.

Prior to this product, we didn't use any centralized VPN software before.

The setup was straightforward and simple.

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

We did not evaluate other options because we already use the products from the CheckPoint ecosystem.

The Check Point Endpoint Remote Access VPN for MacOs and Windows are reliable solutions for remote access VPN, and fully compatible with the Check Point security ecosystem.

The primary use case of this solution is to connect to our internal network for accessing servers and clusters using Check Point VPN. End-users are, for example, students accessing computer labs and licensed software that can check academic licenses only within the campus network; further, our ERP folks could make good use of the VPN solution by remotely working on the Institute Management System infrastructure and can work efficiently without any hindrance. We also use its capsule app on smartphones to connect further.

Using Check Point Remote Access VPN has increased the overall productivity for users staying outside the campus and working remotely during this Covid-19 period. Faculty, students, staff, and research fellows as well as a lot of other eligible users have been benefited by securing the VPN license in order to run login remotely and access the project workstations, clusters, run simulations and submit their research work for the final thesis defense. It also allows for publishing in high-impact factor journals.

Once we install and connect the VPN service, it keeps on running until we disconnect. Moreover, the best outcome is when the end-users are able to check out software licenses through the tunnel and keep on working remotely from their home without any interruption. 

The VPN service works seamlessly in Windows and Mac. Only in the case of Linux or Ubuntu have we had to struggle a bit by understanding the SNX Batch file to get installed and run it. Moreover, in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Terminal Window Open.

The Linux version may have an app (similar to Windows) instead of a shell script. We have seen that in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Linux Terminal Window open otherwise the connection drops. Sometimes, we have noticed that the owing to installation of various antivirus and running of inbuilt firewalls (applicable to all operating systems); the connection for VPN sporadically drops and tries to reconnect. When this happens, we have to manually either disable the firewall/antivirus or reconnect the VPN again.

We've used the solution since 2015 or 2016.

We were using Cyberoam.

Users must pursue Proof of Concept as the functional requirements can vary.

We also looked into Palo Alto and Fortinet.

In our environment, we have many users working remotely. It's important to control the flow of traffic coming and going to these remote employees, and isolate traffic when used for business purposes. We have to allow our remote users to access services from home as though they were in the office. However, at the same time, we need to control that traffic and make sure it conforms to our policy. Our environment is complex and requires advanced policies to look at traffic in very unique ways from different users. Check Point's policy management has allowed us to do that.

At the beginning of the pandemic, everyone rushed to get their employees working from home. Luckily for us, we already had a strong structure around how remote access would work and had it set up for many employees. 

With the groundwork in place, the transition to remote work was made easy by simply adjusting the policy (configuration). In part, this is because we were already prepared for a remote workforce, and that preparation came from within our organization, however, if it weren't for Check Point enabling us to adjust rapidly, then it would not have been an easy transition.

The unified platform view is great. Being able to manage NGFW alongside our Remote Access Policies allows us to control traffic in one way. Be it if our users are at home or in the office the same policy applies to them allowing us to have one corporate view on the traffic within our organization.

Being able to integrate the policy with things like Active Directory groups, Azure cloud objects, RADIUS integration, and load balancing capabilities is wonderful. All of these things are built into their NGFW policy which we leverage to implement on our Remote Access policy.

The ability to allow split-tunneling while still following our corporate policy needs to be on the table. Right now, in order to allow the same policy to apply, the users' traffic must be routed up to our NGFW before going out to the internet. Having a method to apply the same policy to the client for outbound traffic while connected to the VPN would be huge.

Some things like the compliance aspect of the VPN Client can be updated to bring it a little more modern. It's very useful for checking things like Windows Updates levels before connecting, however, it could use a facelift since it's still quite old-looking.

I've been managing Check Point's Remote Access VPN for five years at my current employment, and had used it before at a previous employer.

The solution has been solid for me for over five years.

I get the impression this could scale up to whatever you need. Scaling issues might only be moving to clustered resources and setting up load balancing on gateways. Once you get big enough you should be able to scale up to your needs.

Support has been great 98% of the time. There's always one bad experience, yet, overall I wouldn't rate them based on that. If they need to get their experts online to help solve a problem, they have plenty and are willing to work through really deep subjects. I never worry with their support.

Positive

At our organization, we did not use another solution before this. That said, I have used other products in the past. It's been many years, so I'm sure those other vendors have had time to update their products too, however, since I've been managing Remote Access with Check Point, I've always been really impressed.

Setting up the VPN Clients is simple once you've already got the gateway in place. If you have to setup the Gateway, it will take a bit of knowledge and expertise.

Our in-house team set it up. That said, I have been working with network devices for a long time.

ROI on the VPN User license itself returns within a couple of months of you using it. However, if you have to make the investment into buying gateways for the product, then the ROI could be one year (if your whole organization is working from home), or up to three years if you barely use it.

You need to be an NGFW customer already. Otherwise, you'll need to purchase the gateways in order to terminate the VPN. That much should be obvious to anyone. Once you have the gateway in place, there is a VPN User license you need to purchase, however, it is very minimal in cost compared to other infrastructure.

We inherited the Check Point when we took over. Then, when the topic of remote access came up, it made sense to use what we had and just buy additional licensing rather than buy a whole new product.

Check Point products are typically not cheap, however, I've found it's often due to the fact that you can do a lot with it. 

I recommend Check Point products to anyone who is going to have the time and expertise to administer them. You're going to be able to do what you want to do, engineer a design that works for you. If you want to just plug it in and forget about it, then this might not be the product for you. That said, for those who do just want to plug something in and forget about it, I warn you to be cautious. When it comes to Remote Access, you don't want to ignore this. You want to be looking at it and you want to monitor it, otherwise attackers will take advantage of that weakness. This is where Check Point allows you to monitor the edge, while granularly controlling it.

We have always worked within the office. However, the COVID pandemic changed the course of our work in terms of where we had to implement new solutions so that we could all work from home. That was when I encountered Check Point; we had years with this solution in the facilities, yet, only during the pandemic did we have to innovate for a home environment. Today we have more than 6000 users working from home thanks to Check Point. This is possible due to the fact that, with a certificate and the client for this connection, every person can connect to our environment as if they were at the office.

We still have many areas of opportunity in which we must work, however, this has required us to improve our infrastructure in order to accommodate remote work. Since the beginning of the pandemic, we have had this solution and we have had many challenges since there are more than 6000 people who work from home. For security, we have an expiration time of the .p12 certificates and that requires updating passwords. Today, we are integrating this solution with a 2MFA system to give much more security to corporate.

The IPSec VPN, Mobile Access, and Identity Awareness are three of the blades with which we have been working with since the pandemic. This has given us great mobility, making our network more dynamic for connection to corporate due to the integration we have of Check Point via our AC or LDAP. 

We are creating rules by user and not by IP (which could be done both ways). We stick more to mobility inside and outside the corporate environment. Since then, corporate has been increasing security and keeping our workers happier.

The authentication that we handle is through a .p12 certificate, however, we have integrated it with a 2MFA service through another provider. Something that could improve Check Point is if it had its own 2MFA service through a blade or some sort of application. We'd be able to give a better experience to companies that already have a contract or Check Point services that deal with a work-from-home environment, giving greater scope and coverage from a single centralized dashboard.

I've used the solution for more than two years

The stability is the best.

The scalability is great.

 We have witnessed a fast response from the support team.

We did not use a different solution.

The initial setup was not overly complex.

We handled the installation in-house.

We've witnessed a 40% ROI.

The price is a little high, however, the solution is something that we recommend often.

We did evaluate other options.

Remote Access VPN is one of those essential items for every organization in order to maintain seamless and highly secured connectivity between the end-user and the organization's local area network to access resources - including Jump server Databases, et cetera.

No matter from which device or from which location users are accessing an organization's local resources, with the help of the Check Point VPN client they can make sure they have connected securely.

Check Point offers a best-in-class encryption algorithm to ensure confidentiality and maintain integrity between the end-user and the Gateway. 

In disaster situations like Covid-19, most users were working from home or in remote locations. In such cases, Check Point Remote Access VPN provides feasibility to everyone to work from home and access an organization's resources remotely.

With a client-less configuration known as SSL VPN users can directly access resources via a browser-like database, share folders, et cetera.

To maintain the authorization of the connected user, Check Point provides multi-factor authentication for an RA VPN client to make sure legitimate users have access to resources.

• Secure connectivity: Guaranteed authentication, confidentiality, and data integrity for every connection and user.
• Straightforward Configuration: Easy to enable blades and define policies.
• Authentication: SAML authentication makes sure the user is legitimate.
• Compliance check: It scans the endpoint machine to detect suspicious/malicious content before connecting to an office network.
• MEP: Multi entry points to make sure there's availability to the LAN network even if the primary gateway goes down.
• A single client can work as sandblast agent.

Check Point RA VPN requires companies to take separate licenses initially so that only 5 connected users licenses are given as subscriptions. Most other competitors, like Palo Alto, provide 1000 connected user licenses for free.

Some configurations, like idle timeout (the requirement came from multiple users), are not possible to configure directly from the Check Point management server. We have to make changes in the local directory of the respective devices.

I've used the solution for more than three years.

The solution is highly stable.

Check Point has an Unlimited License Package for the RA VPN and therefore we can scale it easily.

Customer service has a dedicated team that handles RA VPN cases which ultimately leads to an early resolution.

Migration has taken place such as from Cisco to Check Point and Sophos to Check Point. During that phase, the customer needed to change the VPN client as well.

Browser-based functionality is one of the best things that Check Point provides.

The initial setup is straightforward during the initial configuration.

The setup is very straightforward but subscription-based. It isn't cost-effective.

We did look at Cisco Anyconnect and Palo Alto Global Protect.