Check Point Security Management Reviews

We deployed the Check Point firewall for protecting our web servers and intranet servers. We used a management server as a centralized device for Check Point Gateway firewalls.

The best aspect about the notion is that we can push policy, IPs, or any other functionality to all or a subset of gateways. Alternatively, creating a distinct tab for each gateway gives a clear idea of the configuration changes and makes them less complicated.

Check Point's solution cuts down on the time it takes to manage multiple firewall devices.

Our organization has faced multiple attackers daily which causes high-impact performance, even though the previous firewall blocks. This leads to an impact on customer satisfaction with our services.

However, after deploying Check Point firewalls in our organization we found drastic changes in the performance of our network   

The management server helps us to reduce the time to manage multiple firewalls.

It's easy to push configuration changes to each of the gateways.

We can track logs of each firewall which is very helpful.

The importance of centralized administration cannot be overstated. As a network security engineer, I must mention that it allows us to manage all of our Check Point devices from a centralized point. 

Although there is certainly room for improvement in the UI, I am pleased that Check Point continues to correct and enhance. 

Furthermore, they provide some new features that will revolutionize security administration.

Initially, I was not a huge fan of Check Point's SmartConsole; I'm not sure why; perhaps it was because I was used to using only the web interface in other vendor firewalls like Palo Alto, Fortigate, and so on.

Now that I've tried it, I have to say that it's the greatest way to handle firewalls. There are some flaws, however, Check Point is working to correct them with each version.

They need to make a Mac version of the SmartConsole, in my opinion.

Aside from that, I'm satisfied with Check Point solutions.

I've used the solution for two years.

With Security Management solution, we can manage and distribute security policies to firewall gateways. In large environment where there are dozens of Check Point appliances from Headquarter to branches, I deployed the Security Management with thousands of rules for an enterprise. I created different security packages for each gateway/cluster pair for administration purpose while maintaining separation and ease of policy installation. With every change request, we just need to configure the relating package and install to right gateways. Besides log dashboard in smartconsole is very useful and convenient for monitoring and tracking. It provides intuitive interface to search log, operation to filter is very to understand

With Check Point Security Management, we can:

- Manage and configure cluster for Check Point Gateways. Define security zones (internal, dmz, external) on interfaces.

- Add, modify, delete security rules, objects and install to gateways.

- Activate or de-activate blades like Mobile Access, IPS, URL Filtering, Application Control, Identity Awareness, Antivirus,... to the selected gateways and configure the security settings on them.

- Track and monitor security logs.

- send commands to the Management API. Supporting Management API helps automated tasks for daily operation or integrate with third-party solution SIEM/SOAR.

The most valuable feature is Management API. It has been supported since R80 and above. Why? For firewall administrators who handle many tasks daily on not only Check Point systems. They are flooded with their boring manual tasks but always got stuck with request tickets. For security analysts who work with numerous logs from many sources and take actions to stop attacks. Can analysist and protection be highly effective if they must take much time in implementing policies? All limitations above can be solved with Check Point Management API. The administrators can automate and improve their productivity in operation by scripting. The security analysts can immediately apply security settings on the firewall while saving their time and concentrate on their research job. This feature is very useful and Check Point works great job to support many security aspects with easy-to-understand guide.

In complex environment, the Security Management system manages many firewall gateways. There are thousands of security rules in the server and there are also other security settings about Check Point blades. Database in the server becomes large. Hence installing policy takes very long time to complete. Imagine that the administrators must process their daily tickets. They make configuration changes in Smart Console of Management Server for the first ticket, and while waiting for installation completion, then they receive the second ticket, a critical case, what should they do? This is only one of the situations that the administrators are facing in operation. Hope that Check Point can improve the processing time of installation.

More than 5 years

Check Point TAC team is very professional.

Positive

Only manage Check Point gateways by using Check Point Management Server. I used other firewall vendors like Cisco, Fortinet but Check Point is much better about stability and performance. So using central management for Check Point is best choice.

Easy of setup

I always implement by myself because it's very easy to implement.

We use the solution for ensuring the on-premise and cloud-based infrastructure through the Check Point gateway solution. We're applying the solution to the endpoint and running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. 

As compared to the other vendors like CISCO ASA, Juniper, and other vendors it's nice to see maximum futures in the single firewall. The site and remote VPN deployment are very easy and troubleshooting the issues is also very easy.

The cluster solution made our job easier any fault to the device will not halt entire internet connectivity. In that case of the performance, we have zero-downtime upgrades and VPN solution deployments.

Check Point Software Technologies (Check Point for short) is a company operating exclusively in the field of Information Security and covering four main areas:

1. Network Security on the perimeter and inside Data Centers.
2. Cloud Security: Public, Private, and Hybrid.
3. Endpoint Security for both Windows and Macs.
4. Mobile Security for Android and iOS devices.

The solution offers ClusterXL, Secure XL, and Core XL.

When working with it, you will encounter three main components: Security gateway, security management server, and Smart Console. 

Customer support is very good and they have depth knowledge on the particular technology which helps us in fixing the problems ASAP. 

Remote and site-site VPNs we can easily deployable and maintenance  upgrade of the tunnel parameters becomes very easy as this is having the simple smart console access to the gateways. 

Also the multi-domain smart dashboard is another capability to manage multiple firewall through the single console.

The application filtering and URL filtering could be better.

They need to improve on this kind of technology as the Palo alto is ahead of the application-based and zero-trust-based approach also the cloud-based application control also user identification through the LDAP and other user directory settings to provide the proper solution.

Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with. 

It is advised to make the processes simpler.

Need to have simple scripting and automation methodology to automate the networking operations.

I've used the solution for more than six years.

It's stable.

It's a good product that's scalable.

Technical support is nice.

Positive

I used Cisco ASA. Large-scale deployment and integration are very difficult in Cisco ASA.

The solution is straightforward.

We implemented it with the help of a vendor.

The ROI is good

I did evaluate ASA, Palo Alto, and Firepower solutions.

The solution is used to manage security gateways. We use the management server to manage our firewalls, one at DR and the other at HQ. 

The Management servers are also used to manage security policies to determine who or what system should connect to what. This allows us to block applications that are not needed per department. For example, Facebook is blocked for everyone except the marketing team. This helps keep people more productive. We also use the rules to prevent users from visiting dangerous and illegal sites.  

It has helped improve work in our organization. Check Point Management tracks a lot of activities on the network such as who is connecting to what sites and applications. 

It has also provided visibility into who is connecting to the corporate network via VPN and at what time which helps us keep unauthorized users away. 

The interface also makes it easy for us to configure the VPN from the GUI rather than the command line, which makes it easy even for less experienced engineers to work with. 

The management also gives visibility into licenses and device-related information to help track how long you have till licenses expire and the software and hardware health of devices. 

The smart event feature is the most valuable. The consolidated logs give full network visibility. 

The smart console has been able to provide us with good detailed information and reports ranging from bandwidth, risky applications, IPS reports, VPN reports, and infected hosts on the network. 

Reports help determine which machines may be infected with bots if they indicate that they were trying to connect to command and control servers, smart event helps determine these machines by IP address or username. 

The IPS also indicates what attacks and from where we're trying to hit our organization which helps us twerk our settings accordingly to have the most security we can get. 

It could improve by showing DNS-specific information for connections to unknown public IPs. 

Check Point could also improve management by not having applications for each version released because we have to install a new application for every version it is not very nice. They could do that by moving management to the web so that we do not have to install a client for every version. 

The fact that you have to connect to two different applications for management, does not make it the most usable. It could be great to have a system setting and policy setting done from one interface. 

I've been using the solution for four years.

It's a very stable solution and Check Point is always doing proactive support to avoid any future problems or failures. Checkpoint support fixes bugs that they discover before the implemented production systems are affected. By logging a call with the customer and helping them remediate problems before they occur. 

It is reasonably scalable as you are able to manage five gateways with one management server at entry-level.

The solution offers very good customer support. The engineers respond on time and are available to help even if it means setting up a call to help you in implementing the given instructions.

Positive

The initial setup was straightforward. The prompt to install and the setup guide will get you through the process. When you're unclear, there are plenty of online resources to help.

We did the implementation in-house.

The solution is definitely worth it as it helps put policies that help people focus more on work than play to use company resources more efficiently.

We use the solution for cybersecurity.  

We use a Check Point internet security appliance and have recently purchased their endpoint security solution.  

We have found the systems easy to manage and monitor. These systems are providing critical security to our computing systems. Past systems have required multiple products from multiple vendors. The Check Point solution provides multiple products under a single interface, greatly simplifying my job.  

We have yet to implement all of the blades/features of the Check Point solution, however, we are very happy with those we have used.

The product has done a great job in protecting our business network and SCADA systems.  

The single management interface has simplified our procedures. Training has been easier since there is only one interface to learn, not multiple interfaces from multiple vendors.  

As we implement more features of the security appliance, we find more value in it. Our cybersecurity posture is stronger than it has ever been with the addition of the Check Point appliance. 

We look forward to implementing additional features of the system.

The single interface to manage multiple cybersecurity platforms is great. In the past, we had multiple security appliances from multiple vendors. Each of these had their own interfaces and their own peculiarities. Staff had to learn multiple interfaces to provide our systems with cybersecurity. Additionally, when there was an issue, multiple systems needed to be checked to clarify and remedy the situation. If something was getting blocked incorrectly, we had to search for which systems was blocking it and then determine whether the block was legitimate. With the Check Point appliance, all of the blades are accessible through a single interface. We can easily track the reason for a block.

Some of the configuration elements could be improved. 

More automation of the tasks that now need to be performed at the level of the operating system could be made more streamlined. For example, we've often had issues where the log space has filled up. It would really be nice to have a feature in the GUI that addresses the cleanup of old files/logs. This is very much a manual process now. I have to get a putty or WinSCP session to the device and dig through the directory structure to find old files that are safe to delete. Luckily, I haven't accidentally deleted any critical files (so far).

I've used the solution for more than five years.

We have found the Check Point device to be very stable.  We rarely have to restart the device and have never experienced a hardware issue.  

The scalability is seamless.  

Customer service and support have always been very responsive.

Positive

We previously used a Netscreen firewall.   

The Netscreen firewall was limited and we had to rely on other appliances from other vendors to augment its capabilities.

It was a straightforward implementation. We did have a consultant help us in the initial setup of the systems.

The level of expertise of our vendor team was very high.

Our ROI is the peace of mind that our systems are well protected.

The Check Point solution is pricy, however, for what you get for your money, it is well worth it.  

The setup is pretty easy and licensing is straightforward.

We asked for a recommendation from a security consultant. They indicated that Check Point was the premier vendor of security appliances.

I'm glad we made the decision to use a Check Point appliance and am sure that we will stick with Check Point when we replace our current system.

We primarily use the solution for the management of thousands of rules. partially automated via the well-documented API.

Managing the rules is a day-to-day business that takes a lot of time. It is really good that we can do the management through the dashboard. It is so comfortable, and, in contrast to other manufacturers, is structured much better. The integration of the logs allows a quick jump by mouse click between rules and log entry.

The API reduces the administrative effort so that we can concentrate on the essential things. in addition, it is an enormous advantage for our customers that rules are created automatically and are available immediately.

The transparency of the rules and the integrated logs makes daily troubleshooting easy and saves a lot of time. 

Managing the rules is a day-to-day business that takes a lot of time. The dashboard is great and much better in contrast to other manufacturers. 

The integration of the logs allows for a quick click between rules and log entry. 

The immediately visible audit logs are also a great advantage. This allows changes to a rule to be tracked quickly and any errors to be corrected.

The management API is the best new feature for me. It allows us to further automate our customers' automated server ordering.

The API reduces the administrative effort so that we can concentrate on essential things. It is an enormous advantage for our customers that rules are created automatically and are available immediately. 

For our private cloud, we have to stay competitive with the public clouds and the speed on offer is what counts here. It's good.

The new web management tool allows the management in the browser, which is a great feature.

The management API can be further developed so that all functions offered by the dashboard are also available via the API (for example,  Network Topology).

The new web management tool which allows the management in the browser has to be developed further so that all functions from the dashboard are available. Many of our administrators work with a Mac OS. Until now, the management of rules is only possible on  Windows as the Smart Dashboard is only available for Windows. Now, with the first release of the web interface, it is possible in the browser. All functions from the dashboard must still be possible via the web interface.

I've used the R77.30 version since 2013.

We've upgraded to R80.10 in 2019. The update was a bit complicated, however, with the pre-check and some cleanup, it went without a problem

We upgraded the R80.10 to R 80.30 in 2020. The update management with the migration of export/import was a remote update and was easy.

We upgraded R80.30 to R80.81 in 2021. The management update was very easy and through the wizard, everything was very clear in terms of the individual steps. The update of the gateways took place at night.

We do not have any stability problems.

Check Point Maestro offers the industry a new way to leverage current hardware investments and maximizes appliance capacity. It's in an easy-to-manage hyper-scale network security solution in order to bring our networks and data centers into the world of hybrid clouds.

The case handling is good. If you have experience and know what information the support needs, then the processing time can be minimized.

Neutral

In the past, we have used a Cisco ASA. Our management of the rules was not so good there.  We also use FortiGate. This already offers a nice web interface, however, managing a large set of rules is almost impossible there.

The initial setup was very simple. However, the migration of rules from other vendors was challenging.

For large migrations, we always use a service provider or the manufacturer's team (Check Point Professional Services). Here we can fall back on well-trained SE's with a lot of experience.

No exact ROI has been calculated.

All of our administrators have previously been on CCSA/CCSE training which provides good insights into the products. After various tests, we were able to carry out most of the setup ourselves in a developer environment. We were able to keep the costs for the migration low by using a lot of our own initiative. However, I would recommend the support of a Check Point certified partner.

Together with a Check Point partner (service provider), the requirements should be evaluated. Here, we were able to draw on the experience of our service provider and develop our environment according to our requirements.

We did not evaluate any other options.

I can recommend the Check Point solution.

We work with multiple clients managing their network firewalls. This includes many multi-national networks as well as local systems in the U.S.A. 

We primarily are utilizing these products for managing customer/client environments to modify access rules and other policies for controlling traffic to and from both internal and external networks as well as cloud-based Azure systems. 

Check Point management products are in use in all these networks, including both standard Single Management Servers as well as Multi-Domain Management servers.

Check Point Security Management has always made it simple and easy to manage all our firewall systems and firewall policies. 

Check Point Security Management systems, both standard Single Management Servers as well as Multi-Domain Management servers, have made it very simple and easy to perform daily functions such as adding new user hosts or destination servers to existing firewall policy rules and successfully managing large corporate networks easily from both our office space or from remote worker systems.

We love the ability to monitor performance in real-time, and gather critical information about network flows and traffic. 

The controls for creating, modifying, and editing firewall policies, firewall configurations, and other system operations are very simple and seamless. Accessing and viewing logging from many firewalls worldwide is also made very simple and intuitive with the ability to see both an overall picture of the logging, as well as the ability to filter down to the most specific traffic flows.

Sometimes there are some performance issues that cause certain operations to run slowly, however, that may just be due to the hardware it is running on needing to be stronger. Check Point could possibly lighten up the software code so that it is not as resource-intensive and will run more smoothly on a variety of hardware and cloud or virtual machine platforms. 

More ability for users to generate reports for traffic flows, firewall performance factors like CPU, memory usage, total bandwidth consumption, and tracing heavy traffic (elephant) flows would also be great.

I've used the solution for over seven years.

So far, we have not experienced really serious issues with the stability of the platform.

Check Point Security Management is pretty robust at allowing the management of large numbers of firewalls - especially the Multi-Domain systems.

Though we do not need to utilize the support services often, they have always been prompt and courteous, and definitely knowledgeable.

Positive

Some of our clients have switched from other firewall solutions such as Fortinet or Palo Alto, however, they were not happy with these systems for various reasons.

These systems are pretty straightforward to install and implement.

Check Point seems to be reasonable with its pricing, and competitive in the market.

Sometimes our clients look at other options such as Palo Alto, or even a blend of these and Check Point.

We use Check Point Security Gateway GAIA R 80.40 as our secure gateway firewall. We have configured two gateways as active-passive in cluster mode. We also use R 80.40 as our security management server to configure the policies on the firewall. We use it primarily to control traffic and secure our network perimeter against unknown attacks. The different rules and policies for the SSL VPN connections are configured on the mobile access blade. We use the policies to segregate and filter the traffic flow. 

Check Point Security Management GAIA R 80.40 tremendously helped us in securing our network perimeter against various threats. 

We have used the access rules and application/URL filtering blades to filter and restrict unwanted traffic. 

The IPS blade, Antivirus blade, Anti-bot blade, Threat Emulation blade, and Threat Prevention blades are helping us tremendously in preventing attacks and thus take care of the threats at the gateways themselves. 

At the time of COVID, the Mobile Access blade has helped greatly in the smooth running of production.

We have found all the security blades very helpful. The IPS blade, Antivirus blade, Anti-bot blade, Threat Emulation blade, and Threat Prevention blades have been most useful in securing the network. 

With the antivirus, IPS, and Anti-bot blades signatures being automatically updated regularly on a daily/hourly basis, the network is always safe. 

The URL and Application Filter blade offers a daily update of the database which helps us control the traffic. 

Mobile access has helped us cater to more than 4000 users so that they can work from home.

The Security Management server could be improved. If it provided an inbuilt authenticator for multifactor authentication, that would be ideal. Currently, we have to depend on a third party for multifactor authentication. 

It would help us greatly in securing the remote access users if Mac binding can be done for remote access VPN users in mobile. It would be helpful if we could enable URL and application traffic control remote access. 

The logging and reporting are good, but it would be helpful if more report templates were available.

I have been using Check Point Security Gateway for more than 7 years.

The stability is great.

The scalability is great.

Technical support is good.

Positive

The company has been using Check Point for a long time. It's been more than 10 years. I have been with the company for past 7 Years.

The initial setup is straightforward.

We had assistance from our Vendor Team (ISecurenet). They are very good.

Our ROI has been above expectations.

The price is high but worth it.

Check Point is one of the top leaders in security solutions.