Check Point Security Management Reviews

We have a Check Point firewall to secure our perimeter as well as on the internal network. We also have our Security Management server on VM. Both perimeter & internal sets are managed via the same Security Management system.

Two separate packages are created for both perimeter & internal sets.

We are also managing a SandBlast device via Security Management.

Even though all of the work is performed by the gateway, Security Management plays a vital role in a three-tier architecture. Here, our primary use case is to push security policies & manage logs.

Check Point Security Management is one-stop for all operation-related activity on the Check Point Security Gateway (firewalls).

We have completed one-time implementation configurations, like clustering, using this tool.

Check Point has a very sophisticated log monitor, where troubleshooting is very simple. We just have to put the desired filter, and Check Point generates the reports that help us to understand the overall picture in our network.

We have created multiple users, and they each have a smart dashboard install on their machine.

The Check Point Management server is isolated from security gateways, which means that in case there is an issue, we have our configuration ready and we can directly replace the device and push the configuration. Logs are collected at the management server, hence we can preserve those as well. 

We can keep on adding new devices that can all be managed from a single security management server.

After the upgrade to R80, we have a single interface for all activities. Previously, we needed to configure using different applications.   

It is very difficult to recover policies from the gateway in case if you lose your security management server, and don't have a backup.

The backup functionality (Migrate export command), which covers policies, can not be operated from the GUI. Instead, we have to log into the CLI and generate a file then take it out. For those not familiar with the Command Line interface, there should be an option in the GUI for operating backups. There should also be an option to automatically schedule the backup. 

The smart dashboard is a very heavy application. If we could directly connect & manage firewalls from the Management server itself then it would make it very easy.

I have been working with Check Point Security Management for more than three years.

The stability needs to be improved.

Scalability-wise, it is very good, as it was deployed on VM.

TAC is very supportive but we face many issues with this product.

Previously, we had only firewalls & not a management device. 

The initial setup is not very complex & can be done easily.

We are the ones who implemented it.

This product can be used for 25 security gateways on a basic license. I think that this is good value for the money.

We wanted to implement Check Point and hence, we did not evaluate others.

We use it for the firewall and the filtration. The accounts are put on a server and even the SmartConsole is installed on a server environment.

In terms of most valuable features, I love the URL filtering as well as the identification capabilities which link with the Active Directory and work for me even with bandwidth regulation. These allow me to select to whom to do what, and when.

As for improvement, again, the bandwidth regulation is an issue - it is not up to my expectations. If they could improve that it would be good.

In future releases I'd like to see better integration with other applications and solutions.

Also, the cost of the license is too high, it's too expensive.

I have been using Check Point Security Management for the last five or six years.

I used to contact customer service, but nowadays, I'm authorized to handle that. We have our own internal team in the company to maintain this solution on our own. I know a few people at Check Point so we work together.

Yes, we were using Dell SonicWall.

In terms of initial setup, at the beginning when I was not an expert, it was difficult but now that I'm an expert it is no longer difficult at all.

I don't know how long the setup was the first time since it was done by a client. But nowadays, because I'm an expert, it doesn't take long. It takes about an hour or two and I've done everything.

On a scale of one to ten, I'd give Check Point Security Management a nine because it is not yet available in our country.

We primarily use the solution based on the results that are provided. We've tried others previously and they didn't give us the results we receive on this particular product.

The additional features offered by the solution are excellent. We didn't have a lot of these on a previous solution, and they've proven to be an advantage for us.

Based on my personal use of the system, the interface is quite good.

It depends on the user, but all of the checkpoints need improvement. The only place I need a bit of an update, for example, is in the endpoint management. There are some policies that are embedded that you have to examine if you have sensitive users. 

For some applications, the default acts as a manager. However, in a system with a history of being breached or where users are given access based on their job function, we seem to have issues particularly there.

The reporting should be improved in future releases. It needs to be very explicit. This is very important.

I've been using the solution for about a year.

Over the past nine or ten months that we've been using the solution we've found it to be very stable. We haven't had any issues at all. Since we have a monetary drive to enforce stability, when we see a flagged issue we will address it immediately.

The scalability of the solution is excellent. We haven't faced any negative aspects when trying to scale up.

The technical support of the solution has been very good. They are much better than what I previously had. I find that we get attention within 24 hours if we flag something. We are purchasing the support so it may be the reason we get such a quick and helpful response.

We did previously use a different solution. They didn't have support locally in my country and this was difficult for us. Everything was done via mail or phone and it was not helpful. With this solution, if the situation cannot be remotely addressed within 48 hours, they will come to my office in person and attend to me. It's much better.

The initial setup is very straightforward. Deployment takes about three working days. In our case, we had to import policies from SonicWall but not on the same platform, so we had some little challenges like that, however, overall it was quite straightforward.

We have an in-house team that handles maintenance.

We had an integrator that assisted us with the implementation of the product. We use them for support as well.

We're still in the testing phase in terms of using the solution. Soon, it will be one year since we have fully deployed it. So far, it's been very good. I would rate it eight out of ten.

One of the most valuable features is the console application.

It's a great solution for management. We can manage a lot at the same time with one security management system. Also, each gateway depends on the other, which is helpful.

The client of the management needs to be improved. 

The solution is a bit slow. The speed should be improved. 

If there is a possibility to use the URL instead of client management in a future release, that would be ideal.

In the last version from 80.20, there are some issues around SSNA Diction. I would like this to be improved.

The solution is scalable.

I haven't contacted technical support a lot. I have a colleague that's had issues with a certain version of the solution, and they have made contact. They've had issues, but for me, technical support has always been fine.

The initial setup is not too complex, but those setting it up should have knowledge of Unix as well as some knowledge in Linux command lines. 

We're a partner. We help clients implement the solution.

We are using the on-premises deployment model.

I would rate the solution eight out of ten.

We are primarily using the solution as a firewall, and for some IPS features as well.

The firewall's blades are the solution's most valuable feature.

We had a lot of problems with the VPN blade on the solution.

We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release. There should be more visibility about which blade in your firewall is causing the latency. That would be nice as well.

The stability of the file blade is good. However, there are a lot of blades, and some of the blades have bugs. For example, the VPN is not so stable. Aso, sometimes when we have high loads on our firewall because we have 20,000 users, the Firewall blade also has trouble.

The scalability of the solution is good. However, we have four or five firewalls and that's more than enough, so we don't need to increase the usage. We have about 20,000 users that go through the firewall at this time.

We don't go through technical support if we need assistance. We instead go to our consultants which assist us if we run into any issues. The consultants may sometimes open cases, but we have no direct contact with Check Point.

We didn't previously use a different solution.

In general, the initial setup was straightforward. Deployment for us took quite long because we migrated in small steps. That was our choice and had nothing to do with Check Point. We have five people managing the solution, and we have two consultants that sometimes help us with some troubleshooting and features.

We used a consultant to assist with the implementation.

Before choosing Check Point, we evaluated FortiGate from FortiNet, Sonicwall from Dell and Cisco FW products.

We're using the on-premises deployment model.

I'd rate the solution seven out of ten.

Perimeter protection. It has performed well. It's good.

It hasn't really improved the way our organization functions. It has just provided that extra functionality. That is something we now demand of all firewalls.

The ability to include logs for everything that you do for admin. Also, it has web filtering built in and VPN. Those are the main features we use.

I would like the ability to have an overview, cross-site: One portal that does all firewalls.

The stability is good, but that's because we've got a high-availability configuration.

It is scalable, but, as I said before, you are not able to connect across multiple sites for a similar firewall.

I would say tech support is about a six out of 10.

There was no previous solution. I inherited this one.

When selecting a vendor, the most important criteria are history, reputation, and looking at the industry ratings.

Although I wasn't involved in the initial setup, I believe it was quite complicated.

Do the homework because Check Point is rather expensive. There are better firewalls on the market now that are cheaper and provide better functionality and security.

I rate it a six out of 10 because the user interface is overly complicated.

This solution is used to validate the firewalls, and it performs this function very well.

It helps us control what people are accessing, inside the company.

URL filtering is a very important feature.

The usability of the solution could be improved.

I think stability is good. We haven't had any trouble.

The scalability looks fine.

My company has used technical support, but I have not.

In the past, we had a type of proxy for our URL filtering. The idea was to have everything packaged in the same solution. We removed the proxy and started to use just the firewall to control URL filtering and normal firewall rules in the same solution.

When selecting a vendor, we always check the industry reviews. Then, we analyze the features and, after that, the price-feature combination is the most important factor: which one has the best price and has the features we need.

Pay attention to the stability of the solution because it's very critical.

I would rate this solution a nine out of 10. They need to improve the usability. It's good but it can always be better. 

We utilize the security management solution to oversee all our Check Point products, including firewall, IPS, and antivirus policies. It serves as our primary tool for managing all Check Point devices.

Check Point Security Management excels over Forti Management in daily operations, policy management, and graphical interface. It is easy to open and edit policies, search within them, and view logs.

The only issue is that, you need to install an application instead of managing it through a browser. Thus, it requires installation. Additionally, it can be slow when multiple users access the manager simultaneously. Even with increased CPU and memory resources, some performance issues may still occur when multiple users check simultaneously.

I have been using Check Point Security Management for ten years.

Sometimes, we encounter crashes while working on Check Point Security Management, necessitating application restarts. We also face connectivity issues with certain firewalls, making it less stable than other products.

The solution’s scalability is good ; adding more CPUs and memory can give you more gateways.

20 managers are using this solution.

I rate the solution’s scalability a nine out of ten.

We currently have at least two or three cases open, and some are regarding demand. We struggle to find a good engineer who can truly help us instead of just sending some comments for us to run and provide feedback. They need to improve, especially in their initial client support.

Positive

The initial setup is complex.

Compared to Forti Management, Check Point Security Management involves much more work and is more difficult. You need to establish connections to all the firewalls manually, one by one. However, with the function manager, you point the firewall to the manager and accept it on the Management, and it's done. Additionally, you need to manage certificates on Check Point, making the process less straightforward than FortiManager. 

You depend entirely on the manager to edit the security gateway policies. If the manager encounters an issue with Fortinet, you can still access the FortiGate and delete policies. In Check Point, you cannot delete firewall policies directly on the firewall itself if you encounter a Management issue.

Deployment, including firewall synchronization, takes about four days to complete.

You usually need to create and use the VM Manager VM. So, you need to deploy the VM, configure the IPs, and install the Check Point console software. Then, you need to perform an SIP IT connection to all the firewalls to manage them. After that, you need to configure the firewall networks and public IPs. 

I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.

The product is more expensive than Fortinet. We need to pay the license for the Management. I rate the product’s pricing a seven out of ten, where one is cheap and ten is expensive.

It enhances our daily operational efficiency. Therefore, all management personnel prioritizing working on Check Point policies over Fortinet would benefit. However, maintenance upgrades, backups, snapshots, and synchronization between primary and secondary management can become cumbersome. These tasks tend to be more challenging and time-consuming.

The learning curve for Check Point is quite steep. Sometimes, when we recruit new members to our company, they take a lot of time to understand how our Check Point system works, including the connection between the Management and the firewall, among other components. With Fortinet, it takes only two or three weeks for them to get acquainted with everything. With Check Point, they need at least three months to become accustomed to upgrades, managing policies, and maintenance of the Management system. So, it takes at least three or four times longer than with Fortinet.

AI is essential for correlating logs and presenting the ones that matter. They could strengthen how they present logs by giving more attention to the ones that matter most.

Check Point is easy to use, allowing users to drag and drop objects effortlessly. However, it's essential to note that deploying and maintaining the solution may require a bit more expertise than some competitors.

Overall, I rate the solution an eight out of ten.