Check Point Remote Access VPN Reviews

Since SARS-COV2, most users went to work from their home office, so we needed to have an robust, secure, and stable VPN connection. We implemented Check Point VPN and we have had no problems with it. We are almost 50 users working from home securely. Also, the access rules based on VLANs have helped many users get access depending on which connection they have. For example, some users with VPN connections can only access some specific servers and ports, however, when they are on an internal LAN, they have access to the entire network.

We have more control over the activity that users have on the internal network, thanks to the monitoring offered by Check Point and the security provided by the gateway. 

I'm the IT manager for the company, and my work has been improved due to the fact that, in conjunction with VPN, we implemented the Endpoint Security client so we can manage our client's computers even if they are not physically in the office. When we need to remove some users from a VPN connection we just need to lock the account and use the assets console to disable the feature from the client's computer.

The combination of the user accounts for the VPN with the access rules provided by the security gateway gives you more control and specificity about who has access to what. For external users, we can offer a solution based on the internet needs and we are able to share information on a secure channel. We can specifically point to the desired resources in the organization without the need to install any additional software on external client machines.

It needs to improve the capability of the Secure browser VPN connections. Some in-house applications didn't work due to the use of JScript and the backend and front end technology for the applications. In the case of URL translation of the VPN Web portal, the requests made from the front end to the back end weren't valid (due to the use of dynamic subdomains). In the case of host translations, the request was made to the same host, however, we cannot specify the ports, which, in our case, are used to redirect to different servers.

I've used the solution for over two years.

It's very stable, however, I recommend some scheduled restarts for cleaning connections and processes.

It is very easy to manage the solution and also the integration.

I have had a good experience with the support tickets that I have dealt with.

Previous to Check Point, we didn't have any gateway security.

The initial setup was a little complex as it was the first time working with Check Point.

The implementation was handled by an in-house team.

We expect that investments is recovered in two years.

The pricing is fair and the support team is good.

We were evaluating Fortinet as well.

Check Point is very reliable and secure.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

In addition, there are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

We user the Check Point Remote Access VPN to provide access for our employees to connect to the specified environments.

We use the Check Point Endpoint Remote Access VPN client to allow our remote employees to connect to our company's offices in a secure and reliable way.

We use the clients for Windows and macOS, with the current software version E82.30. The Endpoint Remote Access VPN clients are fully compatible with the Check Point NGFWs Mobile Access VPN blade, and there are no problems connecting to it.

The clients have additional functions, like Firewall and Compliance blades, which we consider as a strong benefit for using the pure clients.

Several remote sites are supported in the client configuration, which allows us to have the redundancy for the case when one of the Offices becomes unavailable due to ISP problems.

1. It is easy to install the Endpoint Remote Access VPN client to different platforms. Within the company, we use it for Windows and macOS.
   
2. Built-in, centrally-managed Firewall blade, which allows filtering traffic on the client-side.
3. Built-in, centrally-managed Compliance blade. We check the client OS on the presence of the latest security updates and that the corporate antivirus software is up and running, and do not allow the client to connect to the office site in the case where these rules are not satisfied. That prevents the infected computers from connecting to the company's location and spreading the threats.
4. Stable VPN connection.

1. The Compliance software blade is available only for the Windows operating systems family, so no macOS security checks are implemented and performed. This is valid for at least software version E82.30, which we currently use.
2. In addition, there is no full client of the Check Point Remote Access VPN available for the Linux operating systems families. That is important since some of our administrators prefer to use this OS even on their home PCs. We hope that Check Point would develop a client for Linux in the future.

I have been using the Check Point Remote Access VPN for about two years.

The Check Point Remote Access VPN clients are stable on both Windows and macOS.

The Gateway side part of the software scales well.

We have had several support cases opened, but none of them were connected with the Check Point Remote Access VPN. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.

Prior to this product, we didn't use any centralized VPN software before.

The setup was straightforward and simple.

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

We did not evaluate other options because we already use the products from the CheckPoint ecosystem.

The Check Point Endpoint Remote Access VPN for MacOs and Windows are reliable solutions for remote access VPN, and fully compatible with the Check Point security ecosystem.

The primary use case of this solution is to connect to our internal network for accessing servers and clusters using Check Point VPN. End-users are, for example, students accessing computer labs and licensed software that can check academic licenses only within the campus network; further, our ERP folks could make good use of the VPN solution by remotely working on the Institute Management System infrastructure and can work efficiently without any hindrance. We also use its capsule app on smartphones to connect further.

Using Check Point Remote Access VPN has increased the overall productivity for users staying outside the campus and working remotely during this Covid-19 period. Faculty, students, staff, and research fellows as well as a lot of other eligible users have been benefited by securing the VPN license in order to run login remotely and access the project workstations, clusters, run simulations and submit their research work for the final thesis defense. It also allows for publishing in high-impact factor journals.

Once we install and connect the VPN service, it keeps on running until we disconnect. Moreover, the best outcome is when the end-users are able to check out software licenses through the tunnel and keep on working remotely from their home without any interruption. 

The VPN service works seamlessly in Windows and Mac. Only in the case of Linux or Ubuntu have we had to struggle a bit by understanding the SNX Batch file to get installed and run it. Moreover, in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Terminal Window Open.

The Linux version may have an app (similar to Windows) instead of a shell script. We have seen that in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Linux Terminal Window open otherwise the connection drops. Sometimes, we have noticed that the owing to installation of various antivirus and running of inbuilt firewalls (applicable to all operating systems); the connection for VPN sporadically drops and tries to reconnect. When this happens, we have to manually either disable the firewall/antivirus or reconnect the VPN again.

We've used the solution since 2015 or 2016.

We were using Cyberoam.

Users must pursue Proof of Concept as the functional requirements can vary.

We also looked into Palo Alto and Fortinet.

In our environment, we have many users working remotely. It's important to control the flow of traffic coming and going to these remote employees, and isolate traffic when used for business purposes. We have to allow our remote users to access services from home as though they were in the office. However, at the same time, we need to control that traffic and make sure it conforms to our policy. Our environment is complex and requires advanced policies to look at traffic in very unique ways from different users. Check Point's policy management has allowed us to do that.

At the beginning of the pandemic, everyone rushed to get their employees working from home. Luckily for us, we already had a strong structure around how remote access would work and had it set up for many employees. 

With the groundwork in place, the transition to remote work was made easy by simply adjusting the policy (configuration). In part, this is because we were already prepared for a remote workforce, and that preparation came from within our organization, however, if it weren't for Check Point enabling us to adjust rapidly, then it would not have been an easy transition.

The unified platform view is great. Being able to manage NGFW alongside our Remote Access Policies allows us to control traffic in one way. Be it if our users are at home or in the office the same policy applies to them allowing us to have one corporate view on the traffic within our organization.

Being able to integrate the policy with things like Active Directory groups, Azure cloud objects, RADIUS integration, and load balancing capabilities is wonderful. All of these things are built into their NGFW policy which we leverage to implement on our Remote Access policy.

The ability to allow split-tunneling while still following our corporate policy needs to be on the table. Right now, in order to allow the same policy to apply, the users' traffic must be routed up to our NGFW before going out to the internet. Having a method to apply the same policy to the client for outbound traffic while connected to the VPN would be huge.

Some things like the compliance aspect of the VPN Client can be updated to bring it a little more modern. It's very useful for checking things like Windows Updates levels before connecting, however, it could use a facelift since it's still quite old-looking.

I've been managing Check Point's Remote Access VPN for five years at my current employment, and had used it before at a previous employer.

The solution has been solid for me for over five years.

I get the impression this could scale up to whatever you need. Scaling issues might only be moving to clustered resources and setting up load balancing on gateways. Once you get big enough you should be able to scale up to your needs.

Support has been great 98% of the time. There's always one bad experience, yet, overall I wouldn't rate them based on that. If they need to get their experts online to help solve a problem, they have plenty and are willing to work through really deep subjects. I never worry with their support.

Positive

At our organization, we did not use another solution before this. That said, I have used other products in the past. It's been many years, so I'm sure those other vendors have had time to update their products too, however, since I've been managing Remote Access with Check Point, I've always been really impressed.

Setting up the VPN Clients is simple once you've already got the gateway in place. If you have to setup the Gateway, it will take a bit of knowledge and expertise.

Our in-house team set it up. That said, I have been working with network devices for a long time.

ROI on the VPN User license itself returns within a couple of months of you using it. However, if you have to make the investment into buying gateways for the product, then the ROI could be one year (if your whole organization is working from home), or up to three years if you barely use it.

You need to be an NGFW customer already. Otherwise, you'll need to purchase the gateways in order to terminate the VPN. That much should be obvious to anyone. Once you have the gateway in place, there is a VPN User license you need to purchase, however, it is very minimal in cost compared to other infrastructure.

We inherited the Check Point when we took over. Then, when the topic of remote access came up, it made sense to use what we had and just buy additional licensing rather than buy a whole new product.

Check Point products are typically not cheap, however, I've found it's often due to the fact that you can do a lot with it. 

I recommend Check Point products to anyone who is going to have the time and expertise to administer them. You're going to be able to do what you want to do, engineer a design that works for you. If you want to just plug it in and forget about it, then this might not be the product for you. That said, for those who do just want to plug something in and forget about it, I warn you to be cautious. When it comes to Remote Access, you don't want to ignore this. You want to be looking at it and you want to monitor it, otherwise attackers will take advantage of that weakness. This is where Check Point allows you to monitor the edge, while granularly controlling it.

The Mobile Access VPN is used to provide users with remote access to company resources.

Users can access the system at any time from corporate laptops as well as home PCs.

It is also possible to connect from Android and IOS mobile devices.

We also use the functionality of the secure Capsule Workspace container to securely provide access to corporate Web resources and mailing services from mobile devices.

It is also possible to provide restricted access to partners via SSL VPN using the Check Point Mobile Web Portal fine-tuning.

This solution allows users to connect from any location. The system is very flexible. We can easily control access and view statistics on the usage of this functionality.

We are also happy with the overall stability of the operation, the easy configuration on the gateway side, and the ease of deploying clients to endstations.

The user device verification functionality allows us to prevent connections if a device does not comply with corporate security policies until the device has met all requirements.

When working with different groups of users, we can easily set up both standard authentication by username and password and use two-factor authentication such as SMS + username and password or certificate + username and password. This definitely increases security and allows you to control access.

It is also possible to use third-party tools to customize HTML5 access. For example, the connection is made without the need to install any client on the user side.

Access is browser-based only and requires no additional client installation.

We would like to implement HTML5 (clientless access) in the product without installing any additional software.

It would also be desirable to be able to segregate the different authentication methods by domain user group.

Unfortunately at the moment, the division is only between domain and non-domain users.

What we also miss is control over the workstations for non-domain PCs that the client is installed on.

It would be nice if we could block such connections based on, for example, the machine name or connection ID.

We have been using this solution since 2007 and started with the R65 version.

We have always worked within the office. However, the COVID pandemic changed the course of our work in terms of where we had to implement new solutions so that we could all work from home. That was when I encountered Check Point; we had years with this solution in the facilities, yet, only during the pandemic did we have to innovate for a home environment. Today we have more than 6000 users working from home thanks to Check Point. This is possible due to the fact that, with a certificate and the client for this connection, every person can connect to our environment as if they were at the office.

We still have many areas of opportunity in which we must work, however, this has required us to improve our infrastructure in order to accommodate remote work. Since the beginning of the pandemic, we have had this solution and we have had many challenges since there are more than 6000 people who work from home. For security, we have an expiration time of the .p12 certificates and that requires updating passwords. Today, we are integrating this solution with a 2MFA system to give much more security to corporate.

The IPSec VPN, Mobile Access, and Identity Awareness are three of the blades with which we have been working with since the pandemic. This has given us great mobility, making our network more dynamic for connection to corporate due to the integration we have of Check Point via our AC or LDAP. 

We are creating rules by user and not by IP (which could be done both ways). We stick more to mobility inside and outside the corporate environment. Since then, corporate has been increasing security and keeping our workers happier.

The authentication that we handle is through a .p12 certificate, however, we have integrated it with a 2MFA service through another provider. Something that could improve Check Point is if it had its own 2MFA service through a blade or some sort of application. We'd be able to give a better experience to companies that already have a contract or Check Point services that deal with a work-from-home environment, giving greater scope and coverage from a single centralized dashboard.

I've used the solution for more than two years

The stability is the best.

The scalability is great.

 We have witnessed a fast response from the support team.

We did not use a different solution.

The initial setup was not overly complex.

We handled the installation in-house.

We've witnessed a 40% ROI.

The price is a little high, however, the solution is something that we recommend often.

We did evaluate other options.

We are hosting environments for our customers and ourselves. With Check Point Client, VPN users that aren't in their internal networks can connect via a secure connection into the internal network.

Remote users use different clients (Windows, Linux, and Mac OS) so depending on the customer, there is either a client connection or a clientless approach (using a web portal).

Users can also be identified if they use the Client VPN solution. If you want to identify them inside the network you have to use an IA agent.

Once set up, it simply works without issues.

The main advantage is that if you already have a Check Point Gateway in place you don't have to buy additional hardware. You only need to check if there are enough resources on the gateway for the additional load and decide how many concurrent users you need.

The installation was fairly straightforward thanks to the Admin Guide and the User Center.

Adding a Radius or similar to use for the user authentication can also easily be done so you don't have to create local users. Depending on the size of the user base I would also recommend MFA.

A normal Check Point Gateway has, with the base license, 5 concurrent users included. This means that in emergency situations you don't have to buy additional licenses.

During Covid, the license was increased and therefore it was easily possible to have several users working from home.

It's possible to either have a client installed on the user's machine, or have a clientless approach using the web portal. 

There is MEP functionality, so, based on the user's location, it minimizes the latency by connecting to the nearest entry point. 

The non-standard setup is quite complex as you have to do changes via GUI and CLI. Luckily, Check Point knowledgebase articles help you, however, there are so many resources you have to go through.

The Client VPN licenses are for concurrent users and there is currently no way to prioritize certain users over others.

There is no possibility to increase the number of concurrent users for a short time (except if you have unlimited concurrent users licensed). This could help during emergency situations where there are more client VPN users than anticipated.

I've used the product for over 7 years.

For a basic setup, implementation is quite easy.

Remote Access VPN is one of those essential items for every organization in order to maintain seamless and highly secured connectivity between the end-user and the organization's local area network to access resources - including Jump server Databases, et cetera.

No matter from which device or from which location users are accessing an organization's local resources, with the help of the Check Point VPN client they can make sure they have connected securely.

Check Point offers a best-in-class encryption algorithm to ensure confidentiality and maintain integrity between the end-user and the Gateway. 

In disaster situations like Covid-19, most users were working from home or in remote locations. In such cases, Check Point Remote Access VPN provides feasibility to everyone to work from home and access an organization's resources remotely.

With a client-less configuration known as SSL VPN users can directly access resources via a browser-like database, share folders, et cetera.

To maintain the authorization of the connected user, Check Point provides multi-factor authentication for an RA VPN client to make sure legitimate users have access to resources.

• Secure connectivity: Guaranteed authentication, confidentiality, and data integrity for every connection and user.
• Straightforward Configuration: Easy to enable blades and define policies.
• Authentication: SAML authentication makes sure the user is legitimate.
• Compliance check: It scans the endpoint machine to detect suspicious/malicious content before connecting to an office network.
• MEP: Multi entry points to make sure there's availability to the LAN network even if the primary gateway goes down.
• A single client can work as sandblast agent.

Check Point RA VPN requires companies to take separate licenses initially so that only 5 connected users licenses are given as subscriptions. Most other competitors, like Palo Alto, provide 1000 connected user licenses for free.

Some configurations, like idle timeout (the requirement came from multiple users), are not possible to configure directly from the Check Point management server. We have to make changes in the local directory of the respective devices.

I've used the solution for more than three years.

The solution is highly stable.

Check Point has an Unlimited License Package for the RA VPN and therefore we can scale it easily.

Customer service has a dedicated team that handles RA VPN cases which ultimately leads to an early resolution.

Migration has taken place such as from Cisco to Check Point and Sophos to Check Point. During that phase, the customer needed to change the VPN client as well.

Browser-based functionality is one of the best things that Check Point provides.

The initial setup is straightforward during the initial configuration.

The setup is very straightforward but subscription-based. It isn't cost-effective.

We did look at Cisco Anyconnect and Palo Alto Global Protect.