Coming October 25: PeerSpot Awards will be announced! Learn more

Check Point Security Management Room for Improvement

JM
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees

I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application.

The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.

View full review »
RD
System Engineer Network & Security at OTTO GmbH & Co KG

The management API can be further developed so that all functions offered by the dashboard are also available via the API (for example,  Network Topology).

The new web management tool which allows the management in the browser has to be developed further so that all functions from the dashboard are available. Many of our administrators work with a Mac OS. Until now, the management of rules is only possible on  Windows as the Smart Dashboard is only available for Windows. Now, with the first release of the web interface, it is possible in the browser. All functions from the dashboard must still be possible via the web interface.

View full review »
CM
Senior Infrastructure Services Specialist at St.George Bank Limited

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, performing a smart view monitor will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor can be integrated in the R80.40 and R81 versions, that would be ideal in understanding the trends and graphs of how traffic is observed hitting the different Check Point Firewall Gateways that the Security Management controls. It will also help support teams to identify capacity limitations and have a foresight of what's happening in the environment at any given point in time.

View full review »
Buyer's Guide
Check Point Security Management
October 2022
Learn what your peers think about Check Point Security Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
634,590 professionals have used our research since 2012.
CM
Senior Infrastructure Services Specialist at St.George Bank Limited

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, it will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor could be integrated into the R80.40 and R81 versions, that would be great. It would help us in unpacking the trends and graphs and see how traffic is observed when hitting the different Check Point Firewall Gateways that the Security Management controls. It will help support teams to identify capacity limitations and have oversight into what's happening in the environment at any given point in time.

View full review »
Ozan Durmus - PeerSpot reviewer
Senior Information Security Specialist at Akbank

I am happy with Check Point Security Management. However:

1- In order to work management console, you need some good appliance or you need to provide more CPU and Memory to the appliance.

2-If you overload your appliance with detailed log, you need additional appliances. For big companies even smart 5150 kinda devices is not enough.

3-I normally had trouble updating licenses automatically. We always need to add manually and this is tiresome.

5- API seems to be fine but need some improvements and Check Point should provide scripts to its customers for tiresome jobs.

View full review »
GC
Senior Infrastructure Service Specialist at a financial services firm with 10,001+ employees

One possible improvement for the platform would be the import of security policies via CSV or CLI. Even though the platform is simple, and creating security policies is a fairly quick task, creating a bulk of policies at once (ie. for a migration) could be a useful tool. This is probably possible through scripting, however, having an easy-to-use "import CSV" button would be beneficial.

Another feature that could be improved is the export of configurations to CSV. This is often useful to map current firewall policies or NATs. I understand that this feature is available currently, but would CSV bring objects with names (but not IPs) and groups (but not the members). The improvement of this feature would surely be welcomed.

View full review »
RW
Senior Systems Engineer at Upper Occoquan Service Authority

Some of the configuration elements could be improved. 

More automation of the tasks that now need to be performed at the level of the operating system could be made more streamlined. For example, we've often had issues where the log space has filled up. It would really be nice to have a feature in the GUI that addresses the cleanup of old files/logs. This is very much a manual process now. I have to get a putty or WinSCP session to the device and dig through the directory structure to find old files that are safe to delete. Luckily, I haven't accidentally deleted any critical files (so far).

View full review »
PRAPHULLA  DESHPANDE - PeerSpot reviewer
Associate Consult at Atos

The solution could be improved in these ways:

1. In order to work the management console properly we're required to have more memory and CPU on the system where we need to install a setup.

2. Due to the large size of logs generated for daily traffic, even when old logs purging is enabled, we need to delete old logs manually or else it causes errors while publishing policies which slow down the process.

3. SD-WAN functionality could be added.

4. The required license addition for every blade is a bit of a complicated task for normal IT admins to understand.

View full review »
Christine Kunda Chungu - PeerSpot reviewer
Systems Engineer at Starblabs Limited

It could improve by showing DNS-specific information for connections to unknown public IPs. 

Check Point could also improve management by not having applications for each version released because we have to install a new application for every version it is not very nice. They could do that by moving management to the web so that we do not have to install a client for every version. 

The fact that you have to connect to two different applications for management, does not make it the most usable. It could be great to have a system setting and policy setting done from one interface. 

View full review »
GD
Global IT Network and Security Service Senior Specialist at a manufacturing company with 1,001-5,000 employees

I've found the solution was a bit unstable. It would be better to improve the stability of the service. Another thing that needs to be improved is the Checkpoint support. Very often they were not able to solve the problems that we had. Sometimes to solve problems you need to install a new Hotfix or Custom release - and that can generate some side effects that can create instability problems. It's necessary to improve the support - especially the one that is provided in India.

View full review »
MB
Presales engineer cybersecurity expert en ElevenPaths at Telefónica

In my experience, the place they can improve the most is in the technical support where I have had some serious problems that could not be solved in time due to a lack of knowledge of the assigned engineer.

It would be a good policy to try to assign senior engineers when it has been verified that an incident is critical and urgent for a client and not to resort to less-experienced technicians that can put at risk the recovery of the attacked assets.

Apart from that, at the architectural level, it is a very competent and versatile solution.

View full review »
Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees

It is very difficult to recover policies from the gateway in case if you lose your security management server, and don't have a backup.

The backup functionality (Migrate export command), which covers policies, can not be operated from the GUI. Instead, we have to log into the CLI and generate a file then take it out. For those not familiar with the Command Line interface, there should be an option in the GUI for operating backups. There should also be an option to automatically schedule the backup. 

The smart dashboard is a very heavy application. If we could directly connect & manage firewalls from the Management server itself then it would make it very easy.

View full review »
LN
Technical Manager at M.Tech

In complex environment, the Security Management system manages many firewall gateways. There are thousands of security rules in the server and there are also other security settings about Check Point blades. Database in the server becomes large. Hence installing policy takes very long time to complete. Imagine that the administrators must process their daily tickets. They make configuration changes in Smart Console of Management Server for the first ticket, and while waiting for installation completion, then they receive the second ticket, a critical case, what should they do? This is only one of the situations that the administrators are facing in operation. Hope that Check Point can improve the processing time of installation.

View full review »
AB
Network Security Engineer at Atlantic Data Security

Sometimes there are some performance issues that cause certain operations to run slowly, however, that may just be due to the hardware it is running on needing to be stronger. Check Point could possibly lighten up the software code so that it is not as resource-intensive and will run more smoothly on a variety of hardware and cloud or virtual machine platforms. 

More ability for users to generate reports for traffic flows, firewall performance factors like CPU, memory usage, total bandwidth consumption, and tracing heavy traffic (elephant) flows would also be great.

View full review »
Adriamcam - PeerSpot reviewer
Consultant at ITQS

The web administration tool that allows administration in the browser must be developed even more. When one tries to enter the panel, the loading delays us. 

They can also implement version updating. 

Another feature that could be improved is the export of configurations to .CSV. This would further simplify the management and compliance with rules.

View full review »
DH
Support at a tech services company with 51-200 employees

There are some improvements that can be generated in this solution. For example, their internal environments and dashboards should all be updated to look pleasant on a visual level.

It would be helpful if the documentation and good practice guides are updated. Many are still from R77.

At the support level, they should expand the languages of attention to be able to expand support in countries where the English language is not standard.  They could improve the response time when it comes to providing customer support.

View full review »
alvarado - PeerSpot reviewer
Cloud Support Leader at a tech company with 51-200 employees

I sincerely believe that the documentation could be improved a little for cloud implementations both in Microsoft Azure and others. The documentation is somewhat messy. We also found many versions of the documentation for which it was difficult at first to achieve all the adaptations that we required.

However, once implemented and we obtained the appropriate documentation, everything was clear, and the guarantee that it generated for us was very good, so I honestly have a good rating for this product.

View full review »
DN
Customer Executive IT at a tech services company with 10,001+ employees

The Security Management server could be improved. If it provided an inbuilt authenticator for multifactor authentication, that would be ideal. Currently, we have to depend on a third party for multifactor authentication. 

It would help us greatly in securing the remote access users if Mac binding can be done for remote access VPN users in mobile. It would be helpful if we could enable URL and application traffic control remote access. 

The logging and reporting are good, but it would be helpful if more report templates were available.

View full review »
SH
Senior cyber security specialist at Optiv

The application filtering and URL filtering could be better.

They need to improve on this kind of technology as the Palo alto is ahead of the application-based and zero-trust-based approach also the cloud-based application control also user identification through the LDAP and other user directory settings to provide the proper solution.

Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with. 

It is advised to make the processes simpler.

Need to have simple scripting and automation methodology to automate the networking operations.

View full review »
LA
Cloud Support - Security Admin at a tech company with 1-10 employees

Every manufacturer must have enough documentation for client implementations and proofs of concept. However, Check Point has many outdated manuals. These should be simpler for users and help them to manage their environments with the best practices.

As for the support, it is not the best. The hours are different from those in America. They generally respond to us at dawn. They are not as fast or efficient, and they could improve in this area.

Some costs are ridiculously high. Adding additional licenses for Remote VPN is very expensive compared to other manufacturers. They could lower the costs.

View full review »
DD
Network Engineer at CMA CGM

We would like to improve the upgrade process in order to do mass upgrades to firewalls and to be able to upgrade target firewalls at the same time.

I would like to be able to use Check Point Security Management in a way where it is hosted on the cloud. I'd like secured Security Management directly reachable from wherever you are with no need to install the Check Point client software on the laptop.

I would also like to have the ability to easily export the Check Point security policies in order to exploit the data in other applications and have more compatibility with other applications.

View full review »
RO
Sr. Security Infrastructure Engineer at NTT Security

The upgrade procedure already made huge improvements, yet it remains more challenging compared to other products. However, everything is well documented and the Check Point support is very skilled, so risks are rather limited. 

As this is probably the most complete product within its segment, no huge improvements are required from my point of view. Another problematic point, the policy installation duration time is solved since version R8x, so that's good. Clients always tell me: "Check Point is the Rolls Royce within this segment, it is outstanding". 

View full review »
CA
User at a financial services firm with 5,001-10,000 employees

Support is the main area that they need to improve. Our support experience is not very smooth. We are based in Africa, and we don't know whether it is because of our region.

I would like a feature where there is a workflow to provide authorization to some users before they're able to create and apply rules. Such a feature should be integrated with the management. It should not be in the box that comes with it.

View full review »
KP
Network Administrator at SOTI Inc.

Being a security appliance, there should be the ability for the Security Management server to send email alerts via authenticated email. One of our requirements from the organization is to not use unauthenticated email and to only use authenticated email which this does not support.

SmartConsole should be available for MacOS machines. Not every Network/Security administrator utilizes a Windows machine. Being a Mac user, I need to have a VM with SmartConsole installed in order to be able to manage my gateways. I have heard the newer versions allow management through a web version however I have not tested it as of this moment.

View full review »
PL
Firewall Engineer at a logistics company with 1,001-5,000 employees

Troubleshooting is quite complicated within multi-domain management. If an issue arises, the local administrator has to keep in mind that there are other domains that could be also affected.

For each version, you have to download a new GUI. Sometimes the GUIs have fixes in them. If you need a new one, you have to inform and update all administrators too.

Some features still use the legacy GUI, however, as far as I know, it is planned to include this in newer versions (R81+). 

Unfortunately, there is still not a rule checker in place where you can insert SRC/DST/Port and it shows you which rule it matches.

View full review »
Jonathan Ramos G. - PeerSpot reviewer
Cloud Engineer at ITQS

I would like this solution to be integrated directly into the Cluster XL equipment. We'd like something that is all in one. The implementation becomes quite complex due to the extensive and not very graphic guides that we can find on their portal. 

View full review »
SM
Network Engineer at Fujairah Port

Initially, I was not a huge fan of Check Point's SmartConsole; I'm not sure why; perhaps it was because I was used to using only the web interface in other vendor firewalls like Palo Alto, Fortigate, and so on.

Now that I've tried it, I have to say that it's the greatest way to handle firewalls. There are some flaws, however, Check Point is working to correct them with each version.

They need to make a Mac version of the SmartConsole, in my opinion.

Aside from that, I'm satisfied with Check Point solutions.

View full review »
JC
Systems Administrator with 201-500 employees

I would like for users to have more control over the platform in the next release. Right now, the system is very central and general requiring new rules to be created that better-suite our requirements.

View full review »
Mustafa ÇİÇEK - PeerSpot reviewer
Contracted IT Staff at Sağlık Bakanlığı-Turkish Ministry of Health

Policy installation time can be reduced. Proof of concept really matters on this subject. Every organization's needs are different and unique. Therefore, before you purchase the product, use proof of concept as much as you can. 

View full review »
CM
Head of IT Director at Cosyn Limited

The tracking of new threats could be improved.

View full review »
SM
ICT at a manufacturing company with 501-1,000 employees

The graphical interface is nice but it is a bit heavy. Even installing the policies is often a very slow activity. Sometimes it happens that the rules are scattered in several points such as global properties, security policy, and/or application policy and it is difficult to find the point where to intervene

View full review »
Buyer's Guide
Check Point Security Management
October 2022
Learn what your peers think about Check Point Security Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
634,590 professionals have used our research since 2012.